CVE-2024-9324 | Intelbras InControl up to 2.21.57 Relatório de Operadores Page /v1/operador/ fields code injection

A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection.

This vulnerability is handled as CVE-2024-9324. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.

CVE-2024-9324 | Intelbras InControl up to 2.21.57 Relatório de Operadores Page /v1/operador/ fields code injection

Post correlati

CVE-2024-0494 | Kashipara Billing Software 1.0 HTTP POST Request material_bill.php itemtypeid sql injection

CVE-2023-49855 | Binary Carpenter BC Menu Bar Cart Icon for WooCommerce Plugin up to 1.49.3 on WordPress cross-site request forgery

CVE-2023-46596 | Algosec FireFlow VisualFlow prior 32.20/32.50/32.60 Name/Description/Configuration File cross site scripting

CVE-2024-27319 | onnx up to 1.15.0 ONNX_ASSERT/ONNX_ASSERTM out-of-bounds