CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-48766

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.74

EPSS Ranking 98.8%

CVSS Severity

CVSS v3 Score 8.6

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netalertx_file_read.rb
https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/
https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/

Products affected by CVE-2024-48766

Netalertx » Netalertx » Version: 24.7.18

cpe:2.3:a:netalertx:netalertx:24.7.18
Netalertx » Netalertx » Version: 24.9.12

cpe:2.3:a:netalertx:netalertx:24.9.12
Netalertx » Netalertx » Version: 24.9.26

cpe:2.3:a:netalertx:netalertx:24.9.26

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-48766

Products

Pricing

Contact Us