CVE-2024-6950
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Published Jul 21, 2024
Updated: Jul 22, 2024
CWE ID 94
Summary
CVE-2024-6950 is a critical vulnerability affecting Prain version 1.3.0 and below. The issue lies in the HTTP POST Request Handler's /?import functionality, which is yet to be identified precisely. An attacker can manipulate the 'file' argument, leading to code injection, enabling remote code execution. The exploit for this vulnerability, designated as VDB-272072, has been disclosed to the public, posing a significant risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share