CVE-2024-0945

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 26, 2024

Updated: May 17, 2024

CWE ID 918

Summary

CVE-2024-0945 is a critical server-side request forgery vulnerability affecting the Parameter Handler component in 60IndexPage versions up to 1.8.5. The issue lies in the file /include/file.php, and it can be exploited by manipulating the argument url.Attackers can initiate the attack remotely, leading to unauthorized server-side requests. The vulnerability has been publicly disclosed, and no response has been received from the vendor yet. This vulnerability, identified as VDB-252189, may pose a significant risk if not addressed promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uSp3cG
https://www.cve.org/CVERecord?id=CVE-2024-0945
https://nvd.nist.gov/vuln/detail/CVE-2024-0945

Back to Vulnerability Database

CVE-2024-0945

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations