IDExpert Vulnerability Allows Remote Execution of OS Commands
CVE-2024-10653
7.2 HIGH
Key Information:
- Status
- Vendor
- CVE Published: 1 November 2024
What is CVE-2024-10653?
A command injection vulnerability exists in IDExpert, a product from CHANGING Information Technology, due to inadequate validation of a specific parameter in the administrator interface. This oversight can be exploited by remote attackers who possess administrative privileges, enabling them to inject and execute operating system commands on the server. Such exploitation can have severe implications for system security, potentially leading to unauthorized data access and manipulation.
Affected Version(s)
IDExpert 2.5 <= 2.8