NetAlert X - Arbitary File Read

A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18 - v24.9.12. id: CVE-2024-48766 info: name: NetAlert X - Arbitary File Read author: s4e-io severity: critical description: | A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18...

The vulnerability of the saveSettings() function in the settings.php script of the NetAlert X intrusion notification network infrastructure allows a intruder to execute arbitrary code.

The vulnerability of the saveSettings function in the settings.php script of the NetAlert X intrusion notification network infrastructure is related to the failure to take measures to neutralize special elements used in the command due to lack of authentication. Exploiting this vulnerability can...

The vulnerability in the security.php script of the NetAlert X intrusion notification network infrastructure allows a perpetrator to read arbitrary files.

The vulnerability in the security.php script of the NetAlert X intrusion notification network infrastructure is related to an incorrect restriction on the path to the restricted directory, resulting from a lack of authentication. Exploiting this vulnerability allows an attacker to read arbitrary...