Overview
- Description
- IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server.
- Source
- twcert@cert.org.tw
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- twcert@cert.org.tw
- CWE-78
Social media
- Hype score
- Not currently trending
CVE-2024-10653 IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administr… https://t.co/kNcZ7eV5VG
@CVEnew
1 Nov 2024
427 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2024-10653: CRITICAL] Critical security flaw in IDExpert by CHANGING IT: lack of validation in admin interface allows remote attackers to inject OS commands with admin privileges.#cybersecurity,#vulnerability https://t.co/Vxy5MugFSE https://t.co/fxRE5mFk7W
@CveFindCom
1 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes