THREATINT
PUBLISHED

CVE-2024-48766



Description

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.

Reserved 2024-10-08 | Published 2025-05-13 | Updated 2025-05-13 | Assigner mitre


HIGH: 8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-698 Execution After Redirect (EAR)

Product status

Default status: unaffected

24.7.18 before 24.10.12: affected

References

rhinosecuritylabs.com/...ch/cve-2024-46506-rce-in-netalertx/

raw.githubusercontent.com/...ner/http/netalertx_file_read.rb

cve.org (CVE-2024-48766)

nvd.nist.gov (CVE-2024-48766)
