CVE-2024-5407 - Vulnerability Details - OpenCVE

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01194.

Key SSVC decision points have not yet been added.

Vendors	Products
Saltos	Rhinos

Configuration 1 [-]

cpe:2.3:a:saltos:rhinos:3.0:1190:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

The manufacturer recommends upgrading RhinOS to the most recent version (see References).

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/josepsanzcamp/RhinOS
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01708}`	epss `{'score': 0.01194}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00954}`	epss `{'score': 0.01708}`

Thu, 05 Jun 2025 13:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:saltos:rhinos:3.0-1190:::::::*	cpe:2.3:a:saltos:rhinos:3.0:1190::::::

Wed, 04 Jun 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Saltos Saltos rhinos
CPEs		cpe:2.3:o:saltos:rhinos:3.0-1190:::::::*
Vendors & Products		Saltos Saltos rhinos

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-05-27T12:13:55.114Z

Updated: 2024-08-01T21:11:12.773Z

Reserved: 2024-05-27T07:26:25.583Z

Link: CVE-2024-5407

Vulnrichment

Updated: 2024-08-01T21:11:12.773Z

NVD

Status : Analyzed

Published: 2024-05-27T13:15:08.573

Modified: 2025-06-05T13:23:10.207

Link: CVE-2024-5407

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5407", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2024-05-27T07:26:25.583Z", "datePublished": "2024-05-27T12:13:55.114Z", "dateUpdated": "2024-08-01T21:11:12.773Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RhinOS", "vendor": "SaltOS", "versions": [{"status": "affected", "version": "3.0-1190"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Rafael Pedrero"}], "datePublic": "2024-05-27T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the \"search\" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure."}], "value": "A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the \"search\" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-05-27T12:13:55.114Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos"}, {"url": "https://github.com/josepsanzcamp/RhinOS"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The manufacturer recommends upgrading RhinOS to the most recent version (see References)."}], "value": "The manufacturer recommends upgrading RhinOS to the most recent version (see References)."}], "source": {"discovery": "EXTERNAL"}, "title": "Code Injection vulnerability in RhinOS from SaltOS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5407", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-03T14:40:36.862438Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:saltos:rhinos:3.0-1109:*:*:*:*:*:*:*"], "vendor": "saltos", "product": "rhinos", "versions": [{"status": "affected", "version": "3.0-1190"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:03:01.761Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.773Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos", "tags": ["x_transferred"]}, {"url": "https://github.com/josepsanzcamp/RhinOS", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos", "tags": ["x_transferred"]}, {"url": "https://github.com/josepsanzcamp/RhinOS", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.773Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5407", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-03T14:40:36.862438Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:saltos:rhinos:3.0-1109:*:*:*:*:*:*:*"], "vendor": "saltos", "product": "rhinos", "versions": [{"status": "affected", "version": "3.0-1190"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T14:41:34.338Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Code Injection vulnerability in RhinOS from SaltOS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Rafael Pedrero"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SaltOS", "product": "RhinOS", "versions": [{"status": "affected", "version": "3.0-1190"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The manufacturer recommends upgrading RhinOS to the most recent version (see References).", "supportingMedia": [{"type": "text/html", "value": "The manufacturer recommends upgrading RhinOS to the most recent version (see References).", "base64": false}]}], "datePublic": "2024-05-27T10:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos"}, {"url": "https://github.com/josepsanzcamp/RhinOS"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the \"search\" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the \"search\" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-05-27T12:13:55.114Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5407", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:11:12.773Z", "dateReserved": "2024-05-27T07:26:25.583Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2024-05-27T12:13:55.114Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:saltos:rhinos:3.0:1190:*:*:*:*:*:*", "matchCriteriaId": "0F50878A-595E-4380-B02E-F6854EBA1C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the \"search\" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure."}, {"lang": "es", "value": "Una vulnerabilidad en RhinOS 3.0-1190 podr\u00eda permitir la inyecci\u00f3n de c\u00f3digo PHP a trav\u00e9s del par\u00e1metro \"b\u00fasqueda\" en /portal/search.htm. Esta vulnerabilidad podr\u00eda permitir que un atacante remoto realice un shell inverso en el sistema remoto, comprometiendo toda la infraestructura."}], "id": "CVE-2024-5407", "lastModified": "2025-06-05T13:23:10.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-27T13:15:08.573", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Product"], "url": "https://github.com/josepsanzcamp/RhinOS"}, {"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/josepsanzcamp/RhinOS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}