CVE-2024-9006

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Sep 19, 2024
Updated: Sep 25, 2024
CWE ID 94

Summary

CVE-2024-9006 is a critical vulnerability identified in the 123solar 1.8.4.5 application by jeanmarc77, which allows for code injection through the manipulation of the PASSOx argument in the config/config_invt1.php file. This vulnerability can be exploited remotely, posing a risk to affected organizations by potentially compromising system integrity and confidentiality. A patch to remediate this issue has been made available, identified as commit f4a8c748ec436e5a79f91ccb6a6f73752b336aa5, and it is recommended that users apply this fix promptly. The vulnerability has been disclosed publicly, increasing its likelihood of exploitation. Organizations should be aware that the exploit has a low attack complexity and requires minimal privileges, making it accessible to attackers.
