Vulners
Lucene search
CVE-2024-7591
🗓️ 05 Sep 2024 17:16:30Reported by ProgressSoftwareType 
cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 122 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | Exploit for OS Command Injection in Kemptechnologies Loadmaster | 11 Aug 202521:40 | – | githubexploit |
 | The vulnerability of the LoadMaster application deployment and management platform lies in its lack of measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands. | 10 Feb 202500:00 | – | bdu_fstec |
 | CVE-2024-7591 | 5 Sep 202421:23 | – | circl |
 | Kemp LoadMaster 安全漏洞 | 5 Sep 202400:00 | – | cnnvd |
 | CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection | 5 Sep 202417:16 | – | cvelist |
 | Emergency Fix Issued for 10/10 Severity Vulnerability in LoadMaster Products | 9 Sep 202420:35 | – | hackread |
 | Vulnerability fixed in Kemp LoadMaster | 6 Sep 202408:02 | – | ncsc |
 | Kemp LoadMaster Load Balancer - Unauthenticated Command Injection | 28 Jun 202615:08 | – | nuclei |
 | CVE-2024-7591 | 5 Sep 202418:15 | – | nvd |
 | CVE-2024-7591 | 5 Sep 202418:15 | – | osv |
10
Node
OR
[
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.60.1",
"status": "affected",
"version": "7.2.40.0",
"versionType": "LoadMaster"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| token | request body | progs/status/login | OS command injection vulnerability in Kemp LoadMaster via the POST /progs/status/login endpoint using crafted token/token2/user/pass fields. | CWE-78 |
| token2 | request body | progs/status/login | OS command injection vulnerability in Kemp LoadMaster via the POST /progs/status/login endpoint using crafted token/token2/user/pass fields. | CWE-78 |
| logsub | request body | progs/status/login | OS command injection vulnerability in Kemp LoadMaster via the POST /progs/status/login endpoint using crafted token/token2/user/pass fields. | CWE-78 |
| user | request body | progs/status/login | OS command injection vulnerability in Kemp LoadMaster via the POST /progs/status/login endpoint using crafted token/token2/user/pass fields. | CWE-78 |
| pass | request body | progs/status/login | OS command injection vulnerability in Kemp LoadMaster via the POST /progs/status/login endpoint using crafted token/token2/user/pass fields. | CWE-78 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 08:20Current
8.4High risk
Vulners AI Score8.4
CVSS 3.17.2 - 10
EPSS0.44069
SSVC