CVE-2024-1114 | openBI up to 1.0.8 Screen.php dlfile fileUrl access control

Posted by Angelo Barbosa | Jan 31, 2024 | CVE

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls.

This vulnerability was named CVE-2024-1114. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-1114 | openBI up to 1.0.8 Screen.php dlfile fileUrl access control

Related Posts

CVE-2024-31165 | Open Networking Foundation libfluid 0.1.0 unpack unchecked return value to null pointer dereference

CVE-2024-4502 | Ruijie RG-UAC up to 20240428 dhcp_client_commit.php ifName os command injection

CVE-2023-6240 | Linux Kernel RSA Decryption Marvin Attack unknown vulnerability

CVE-2024-21891 | Node.js up to 20.11.0/21.6.0 Experimental Permission Model path traversal