← volver
CVE-2024-39165

CVE-2024-39165

CVSS 9.8 CRITICALEPSS 0.8%CWE-94
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://synacktiv.com/en/advisories/jpgraph-professional-version-pre-authenticated-remote-code-executionhttps://www.synacktiv.com/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution