CVE-2024-50603 | Aviatrix Controller prior 7.1.4191/7.2.4996 /v1/api os command injection

Inserito da Angelo Barbosa | Gen 8, 2025 | CVE

A vulnerability, which was classified as very critical, was found in Aviatrix Controller. Affected is the function list_flightpath_destination_instances/flightpath_connection_test of the file /v1/api. The manipulation leads to os command injection.

This vulnerability is traded as CVE-2024-50603. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-50603 | Aviatrix Controller prior 7.1.4191/7.2.4996 /v1/api os command injection

Post correlati

CVE-2023-40156 | Intel SSU Software prior 3.0.0.2 uncontrolled search path (intel-sa-01011)

CVE-2024-36414 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 server-side request forgery (GHSA-wg74-772c-8gr7)

CVE-2024-7029 | AVTECH AVM1203 up to FullImg-1023-1007-1011-1009 command injection (icsa-24-214-07)

CVE-2024-22855 | ITSS iMLog 1.307 User Maintenance Section Last Name cross site scripting (Exploit 52025 / EDB-52025)