CVE-2024-7066 | F-logic DataCube3 1.0 HTTP POST Request config_time_sync.php ntp_server os command injection

Inserito da Angelo Barbosa | Lug 24, 2024 | CVE

A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to os command injection.

This vulnerability is known as CVE-2024-7066. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-7066 | F-logic DataCube3 1.0 HTTP POST Request config_time_sync.php ntp_server os command injection

Post correlati

CVE-2024-47825 | Cilium up to 1.14.15/1.15.9 default permission (GHSA-3wwx-63fv-pfq6)

CVE-2024-1392 | webtechstreet Elementor Addon Elements Plugin up to 1.12.12 on WordPress Dual Button Widget button1_icon cross site scripting

CVE-2024-35283 | Mitel MiContact Center Business up to 10.0.0.4 Ignite cross site scripting

CVE-2023-26211 | Fortinet FortiSOAR up to 6.4.1/6.4.4/7.0.3/7.2.2/7.3.2 Communications Module cross site scripting (FG-IR-23-088)