CVE-2024-48841

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: FLXEON versions 9.3.4 and older

Description: Network access can be used to execute arbitrary code with elevated privileges. This issue is related to incorrect handling of file names for PHP functions include or require, which may allow a remote attacker to gain elevated privileges and execute arbitrary code.

Recommendations: For FLXEON versions 9.3.4 and older, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-98CWE-77

Related Identifiers

BDU:2025-01292

CVE-2024-48841

Affected Products

Flxeon

CVE-2024-48841

Weakness Enumeration

Related Identifiers

Affected Products

References · 21