Security Advisory

CVE-2024-2636

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-19 12:12:13

Last updated 2024-08-13 13:20:44

Assigner INCIBE

State PUBLISHED

Description

An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via /config/espanol/update_password.jsp file. Modifying the M4_NEW_PASSWORD parameter, an attacker could store a malicious JSP file inside the file directory, to be executed the the file is loaded in the application.

← Browse all CVEs View on cve.org ↗