Security Advisory

CVE-2024-46506

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-13 00:00:00

Last updated 2025-05-13 19:09:51

Assigner mitre

State PUBLISHED

Description

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.

← Browse all CVEs View on cve.org ↗