CVE-2024-34852

May 28, 2024, 5:15 p.m.

None
No Score

Description

F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands.

Product(s) Impacted

Product Versions
F-logic DataCube3
  • ['1.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md

Tags

cve@mitre.org
2024-05-28
CVE-2024-34852

Timeline

Published: May 28, 2024, 5:15 p.m.
Last Modified: May 28, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.