How severe is CVE-2024-9324?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-9324?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-9324 - MEDIUM Severity | CVSS 8.8

Vulnerability Description

A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.

Related Vulnerabilities

CVE-2012-1496

HIGH

CVSS:8.8(High)

Local file inclusion in WebCalendar before 1.2.5.

CWE-742012

CVE-2013-3628

HIGH

CVSS:8.8(High)

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability

CWE-742013

CVE-2014-5083

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 p...

CWE-742014

CVE-2014-5084

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instan...

CWE-742014

CVE-2014-5085

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 perta...

CWE-742014

CVE-2014-5086

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CV...

CWE-742014