CVE-2024-9275

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-73
View all →

Vulnerability Description

A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2024-23317

MEDIUM
CVSS:6.3(Medium)

External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects...

CWE-732024

CVE-2025-2982

MEDIUM
CVSS:6.3(Medium)

A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x. Affected is an unknown function. The manipulation of the argument redirect leads to file inclusion. It is pos...

CWE-732025

CVE-2025-29819

MEDIUM
CVSS:6.2(Medium)

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.

CWE-732025

CVE-2020-2003

MEDIUM
CVSS:6.5(Medium)

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causin...

CWE-732020

CVE-2021-27250

MEDIUM
CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to ex...

CWE-732021

CVE-2022-0593

MEDIUM
CVSS:6.5(Medium)

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated use...

CWE-732022