CVE-2024-52401
CVSS 3.1 Score 9.6 of 10 (high)
Details
Summary
CVE-2024-52401 is a Cross-Site Request Forgery (CSRF) vulnerability in Hacklog DownloadManager, affecting versions from an unknown starting version up to 2.1.4. An attacker can exploit it to upload a web shell to a targeted web server, potentially leading to unauthorized access and data manipulation. The CSRF flaw allows malicious commands to be executed with the privileges of the victim, bypassing standard security measures. The vulnerability poses a significant risk to organizations using Hacklog DownloadManager and underscores the importance of timely updates and strong security practices.