Security Advisory

CVE-2024-39165

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-04 00:00:00

Last updated 2025-09-02 15:14:32

Assigner mitre

State PUBLISHED

Description

QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.

← Browse all CVEs View on cve.org ↗