CVE-2024-9006

A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/config_invt1.php. The manipulation of the argument PASSOx leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as f4a8c748ec436e5a79f91ccb6a6f73752b336aa5. It is recommended to apply a patch to fix this issue.

Configurations

Configuration 1

cpe:2.3:a:jeanmarc77:123solar:1.8.4.5:*:*:*:*:*:*:*

History

25 Sep 2024, 18:44

Type | Values Removed | Values Added
CVSS | v2 : 6.5, v3 : 6.3 | v2 : 6.5, v3 : 8.8
References | https://github.com/jeanmarc77/123solar/commit/f4a8c748ec436e5a79f91ccb6a6f73752b336aa5 | https://github.com/jeanmarc77/123solar/commit/f4a8c748ec436e5a79f91ccb6a6f73752b336aa5 - Patch
References | https://github.com/jeanmarc77/123solar/issues/74 | https://github.com/jeanmarc77/123solar/issues/74 - Exploit, Issue Tracking, Third Party Advisory
References | https://github.com/jeanmarc77/123solar/issues/74#issuecomment-2357653441 | https://github.com/jeanmarc77/123solar/issues/74#issuecomment-2357653441 - Exploit, Third Party Advisory
References | https://vuldb.com/?ctiid.278162 | https://vuldb.com/?ctiid.278162 - Permissions Required
References | https://vuldb.com/?id.278162 | https://vuldb.com/?id.278162 - Third Party Advisory
References | https://vuldb.com/?submit.408298 | https://vuldb.com/?submit.408298 - Third Party Advisory
CPE | | cpe:2.3:a:jeanmarc77:123solar:1.8.4.5:*:*:*:*:*:*:*
First Time | | Jeanmarc77 123solar; Jeanmarc77

20 Sep 2024, 12:30

Type | Values Removed | Values Added
Summary | | (es) A vulnerability has been found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. This issue affects some unknown functionality of the file config/config_invt1.php. Manipulation of the argument PASSOx leads to code injection. The attack can be launched remotely. The exploit has been made public and may be used. The patch is identified as f4a8c748ec436e5a79f91ccb6a6f73752b336aa5. It is recommended to apply a patch to fix this issue.

19 Sep 2024, 23:15

Type | Values Removed | Values Added
New CVE

Information

Published : 2024-09-19 23:15

Updated : 2024-09-25 18:44


NVD link : CVE-2024-9006

Mitre link : CVE-2024-9006

CVE.ORG link : CVE-2024-9006


Products Affected

jeanmarc77

  • 123solar

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')