CVE-2024-6186 | Ruijie RG-UAC 1.0 commit.php ad_log_name os command injection

Inserito da Angelo Barbosa | Giu 20, 2024 | CVE

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection.

This vulnerability is uniquely identified as CVE-2024-6186. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-6186 | Ruijie RG-UAC 1.0 commit.php ad_log_name os command injection

Post correlati

CVE-2024-0713 | Monitorr 1.7.6m Services Configuration /assets/php/upload.php fileToUpload unrestricted upload

CVE-2024-38215 | Microsoft Windows up to Server 2022 23H2 Cloud Files Mini Filter Driver integer overflow

CVE-2024-2112 | 10Web Form Maker up to 1.15.22 on WordPress information disclosure

CVE-2024-35698 | YITH WooCommerce Tab Manager Plugin up to 1.35.0 on WordPress cross site scripting