CVE-2024-7066 | F-logic DataCube3 1.0 HTTP POST Request config_time_sync.php ntp_server os command injection

Inserito da Angelo Barbosa | Lug 24, 2024 | CVE

A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to os command injection.

This vulnerability is known as CVE-2024-7066. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-7066 | F-logic DataCube3 1.0 HTTP POST Request config_time_sync.php ntp_server os command injection

Post correlati

CVE-2024-2962 | Networker Plugin up to 1.1.9 on WordPress authorization

CVE-2024-46482 | Faveo-Helpdesk 2.0.3 Ticket Generation unrestricted upload

CVE-2024-9951 | Photo Album Plus Plugin up to 8.8.05.003 on WordPress cross site scripting

CVE-2024-39915 | sni Thruk up to 3.15 /script/html2pdf.sh URL code injection