CVE-2024-3737

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 13, 2024

Updated: May 17, 2024

Summary

CVE-2024-3737 is a critical vulnerability affecting the cym1102 nginxWebUI up to version 3.9.9. The issue lies in the function "findCountByQuery" of the file "/adminPage/www/addOver." An attacker can exploit this path traversal vulnerability by manipulating the argument "dir." The exploit can be launched remotely, and the details have been made public, increasing the risk of exploitation. This vulnerability is identified as VDB-260576.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mit Kerberos 5
MIT Kerberos

Affected Vendors

Massachusetts Institute of Technology

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wU3vs3
https://www.cve.org/CVERecord?id=CVE-2024-3737
https://nvd.nist.gov/vuln/detail/CVE-2024-3737

Back to Vulnerability Database