Arbitrary Code Execution Vulnerability in iFood Order Manager v3.35.5
CVE-2024-39069

7.8HIGH

Key Information:

Vendor: iFood Order Manager
Status: ifood Order Manager
Vendor: CVE Published:; 9 July 2024

🔔 Create iFood Order Manager Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2024-39069?

The ifood Order Manager version 3.35.5 contains a DLL hijacking vulnerability within 'Gestor de Peddios.exe'. This issue permits attackers to execute arbitrary code, potentially compromising the affected system. Users of the software are advised to review their security posture and consider updating to the latest version to mitigate the risks associated with this vulnerability.

References

https://youtu.be/oMIobV2M0T8

https://github.com/AungSoePaing/CVE-2024-39069

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 9, 2024
👾
Exploit known to exist
Jul 9, 2024
Vulnerability published
Jul 9, 2024

CVE-2024-39069 Data

JSON