CVE-2024-50658
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk53th percentile - higher than 53% of all known CVEs
Summary
A Server-Side Template Injection (SSTI) vulnerability was found in AdPortal 3.0.39. A remote attacker can exploit the shippingAsBilling and firstname parameters in the updateuserinfo.html file to execute arbitrary code.
Risk Assessment
An attacker could take over the server, steal data, or disrupt operations, posing a serious threat to confidentiality, integrity, and availability.
Recommendation
Immediately update AdPortal to the latest version that fixes this vulnerability and perform a security audit of the application.
Original NVD description (English source)
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file

