Server-Side Request Forgery in eladmin Product by Elunez
CVE-2024-44677

9.8CRITICAL

Key Information:

Vendor: Eladmin
Status: Eladmin
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-44677?

The eladmin product, specifically version 2.7 and earlier, is exposed to a Server-Side Request Forgery (SSRF) vulnerability. This security flaw enables an attacker to exploit the DatabaseController.java component, potentially allowing for the execution of arbitrary code. As a consequence, unauthorized access to sensitive system functions and data might be achieved, raising significant security risks for users of the affected versions of eladmin. It is imperative for organizations to assess their deployment and implement necessary security patches to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/elunez/eladmin

https://github.com/jcxj/jcxj/blob/master/source/_posts/el...

https://github.com/l1uyi/cve-list/blob/main/cve-list/elad...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 21, 2024

JSON

Eladmin

What is CVE-2024-44677?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.