Code Inclusion Vulnerability in Wyn Enterprise by Wyn Solutions
CVE-2024-9150

8.7 HIGH

Key Information:

Vendor
Wyn Enterprise
Status
Wyn Enterprise
Vendor
CVE Published: 21 February 2025

Summary

The report generation feature in Wyn Enterprise does not sufficiently restrict code inclusion. An attacker using a low-privileged account can potentially execute arbitrary malicious code, load untrusted DLLs, and run operating system commands with elevated privileges. The flaw has been mitigated in version 8.0.00204.0, so installations running earlier versions should be updated to protect against exploitation.

Affected Version(s)

Wyn Enterprise 0 < 8.0.00204.0

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maksym Brzęczek (efigo.pl)