CVE-2024-47769
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-47769 is a high-severity vulnerability in the IDURAR open-source ERP CRM accounting invoicing software, located in the corePublicRouter.js file. A public endpoint is reachable by unauthorized users and does not adequately validate its input, so an attacker can inject URL-encoded payloads that exploit path traversal to read sensitive system files. Affected products include various implementations of IDURAR software. To mitigate this vulnerability, users should review and apply the latest updates and patches provided in security advisories. Organizations face a significant risk to confidentiality, because the flaw can expose sensitive data.
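The class of check that closes this kind of flaw, as an added example in Node.js; it is not IDURAR's code or its patch. The helper name `resolveInsideRoot`, the `PUBLIC_ROOT` directory and the sample segments are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper, not code from the IDURAR project.
const path = require("path");

// Assumed directory that the public route is allowed to serve files from.
const PUBLIC_ROOT = path.resolve("/srv/app/public");

// Turn untrusted route parameters into an absolute path inside `root`.
// Returns the path, or null when the request must be refused.
function resolveInsideRoot(root, ...rawSegments) {
  const decoded = [];
  for (const raw of rawSegments) {
    let seg;
    try {
      // Decode once here so the check sees what the file API would see.
      seg = decodeURIComponent(String(raw));
    } catch {
      return null; // malformed percent-encoding
    }
    // Refuse NUL bytes and values still percent-encoded after one decode
    // (double encoding), instead of decoding again.
    if (seg.includes("\0") || /%[0-9a-f]{2}/i.test(seg)) return null;
    // Treat backslashes as separators so the check is the same on every OS.
    decoded.push(seg.replace(/\\/g, "/"));
  }

  // Normalise first, then test containment on the normalised result.
  const candidate = path.resolve(root, ...decoded);
  const rel = path.relative(root, candidate);
  const escapes =
    rel === "" ||                       // the root directory itself
    rel === ".." ||
    rel.startsWith(".." + path.sep) ||  // climbed above the root
    path.isAbsolute(rel);               // different drive or root
  return escapes ? null : candidate;
}

// Constructed sample requests: [subPath, fileName] as a route might supply them.
const samples = [
  ["invoice", "logo.png"],
  ["invoice", "..%2f..%2f..%2fetc%2fpasswd"],
  ["invoice", "%252e%252e%252fsecret"],
  ["invoice", "..notes.txt"],
];
for (const s of samples) {
  console.log(s.join("/"), "->", resolveInsideRoot(PUBLIC_ROOT, ...s));
}
```

The containment test runs on the resolved path rather than on the raw string, so it does not depend on spotting particular encodings of `../`.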