CVE-2024-52401

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 20, 2024
CWE ID 352

Summary

CVE-2024-52401 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Hacklog DownloadManager, from an unknown version up to 2.1.4. An attacker can exploit this issue to upload a web shell to a targeted web server, potentially leading to unauthorized access and data manipulation. Because a forged request is sent by the victim's browser, the resulting actions run with the victim's privileges, bypassing standard security measures. The vulnerability poses a significant risk to organizations using Hacklog DownloadManager and emphasizes the importance of timely updates and strong security practices.
