CVE Catalog

CVE-2024-50658

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.82%

53th percentile - higher than 53% of all known CVEs

Summary

A Server-Side Template Injection (SSTI) vulnerability was found in AdPortal 3.0.39. A remote attacker can exploit the shippingAsBilling and firstname parameters in the updateuserinfo.html file to execute arbitrary code.

Risk Assessment

An attacker could take over the server, steal data, or disrupt operations, posing a serious threat to confidentiality, integrity, and availability.

Recommendation

Immediately update AdPortal to the latest version that fixes this vulnerability and perform a security audit of the application.

Original NVD description (English source)

Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file

Vulnerability data from NVD (NIST) · CISA KEV · EPSS