ГлавнаяУязвимости → CVE-2024-13971
7.5высокая

CVE-2024-13971

Описание

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Затрагиваемое ПО
Lobster-world Lobster pro
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/http://seclists.org/fulldisclosure/2026/May/1