A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Vegam Solutions
Vegam Solutions vegam 4i |
|
Weaknesses | CWE-125 | |
CPEs | cpe:2.3:a:vegam_solutions:vegam_4i:*:*:*:*:*:*:*:* | |
Vendors & Products |
Vegam Solutions
Vegam Solutions vegam 4i |
|
Metrics |
cvssV3_1
|
Fri, 22 Nov 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Local File Inclusion vulnerability in Vegam Solutions Vegam 4i v.6.3.47.0 and earlier allows a remote attacker to obtain sensitive information via the print labelling function. | A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information. |
Wed, 20 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Local File Inclusion vulnerability in Vegam Solutions Vegam 4i v.6.3.47.0 and earlier allows a remote attacker to obtain sensitive information via the print labelling function. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-20T00:00:00
Updated: 2024-11-27T17:12:22.132Z
Reserved: 2024-10-28T00:00:00
Link: CVE-2024-51163
Vulnrichment
Updated: 2024-11-27T17:12:13.560Z
NVD
Status : Awaiting Analysis
Published: 2024-11-20T17:15:18.417
Modified: 2024-11-27T18:15:17.760
Link: CVE-2024-51163
Redhat
No data.