Server-Side Request Forgery in eladmin Product by Elunez
CVE-2024-44677

9.8 CRITICAL

Key Information:

Vendor: Eladmin

CVE Published: 10 September 2024

What is CVE-2024-44677?

eladmin version 2.7 and earlier is vulnerable to Server-Side Request Forgery (SSRF) in the DatabaseController.java component. An attacker who exploits the flaw can potentially execute arbitrary code, which may lead to unauthorized access to sensitive system functions and data. Organizations running affected versions of eladmin should assess their deployments and apply the necessary security patches to mitigate this vulnerability.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
