Skip to main content

Impact of the CVE-2024-22076 vulnerability on our products

I. Vulnerability summary

 

Product:

aQrate by UTAX
 

Description:

The following vulnerability has been identified for aQrate: CVE-2024-22076. Unauthenticated remote code execution is possible. Attackers can edit the PHP script for aQrate and remotely execute unauthenticated code. The potential risk: Remote execution of unauthenticated code poses a risk of data leakage and malicious activity in web applications.
 

II. Solution

 
As a countermeasure, an improved version of aQrate is available: aQrate v8.2 Patch 43 and aQrate v10.1 Patch 8. After the update, editing the PHP script is no longer possible due to a new setting.