CVE-2024-0946 | 60IndexPage up to 1.8.5 Parameter /apply/index.php url server-side request forgery

Inserito da Angelo Barbosa | Gen 26, 2024 | CVE

A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery.

This vulnerability was named CVE-2024-0946. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0946 | 60IndexPage up to 1.8.5 Parameter /apply/index.php url server-side request forgery

Post correlati

CVE-2023-48643 | Shrubbery tac_plus up to 2.x/3.x/4.0.4.28 Configuration File tac_plus.cfg os command injection

CVE-2024-7579 | Alien Technology ALR-F800 up to 19.10.24.00 File Name upgrade.cgi popen uploadedFile os command injection

CVE-2024-42966 | TOTOLINK N350RT 9.3.5u.6139_B20201216 Request ExportSettings.sh access control

CVE-2024-25226 | Simple Admin Panel App 1.0 Add Category Category Name cross site scripting