CVE-2024-50623
Description: In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
CVE-2024-50623 allows a remote, unauthenticated attacker to both read arbitrary files from the target system and write arbitrary files to it; the arbitrary write is what makes remote code execution possible. Security firm watchTowr published a technical analysis of this vulnerability. The vendor guidance for CVE-2024-50623 indicates that it was exploited in the wild circa October 2024, and several IOCs related to web shells dropped during that activity were published at the time.
We researched a separate but similar vulnerability in December 2024, CVE-2024-55956, and our Rapid7 Analysis compares and contrasts these two vulnerabilities, CVE-2024-50623 and CVE-2024-55956.