Security Advisory

CVE-2024-9981

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-15 07:57:31

Last updated 2024-10-15 13:54:14

Assigner twcert

State PUBLISHED

Description

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server.

← Browse all CVEs View on cve.org ↗