Arbitrary Code Execution Vulnerability in FileCatalyst Web Server
CVE-2024-25155
6.1MEDIUM
What is CVE-2024-25155?
A vulnerability exists in FileCatalyst Direct versions 3.8.8 and earlier down to 3.8.6, where the web server fails to sanitize illegal characters in URLs. This oversight allows a malicious actor to create a specially crafted URL that executes arbitrary code within an HTML script tag displayed on error pages. This could lead to unauthorized actions and compromise the affected system, exposing users to potential exploitation risks.
Affected Version(s)
FileCatalyst 3.8.6 < 3.8.9