CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-22107

An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.9%

CVSS Severity

CVSS v3 Score 7.2

References

https://adepts.of0x.cc/gtbcc-pwned/
https://x-c3ll.github.io/cves.html
https://adepts.of0x.cc/gtbcc-pwned/
https://x-c3ll.github.io/cves.html

Products affected by CVE-2024-22107

Gttb » Gtb Central Console » Version: 15.17.1-30814.ng

cpe:2.3:a:gttb:gtb_central_console:15.17.1-30814.ng

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-22107

Products

Pricing

Contact Us