I. Vulnerability summary
Product:
aQrate by UTAX
Description:
The following vulnerability has been identified in aQrate: CVE-2024-22076. Unauthenticated remote code execution is possible: an attacker can edit the aQrate PHP script and execute code remotely without authenticating. Potential risk: unauthenticated remote code execution exposes the web application to data leakage and malicious activity.
II. Solution
As a countermeasure, improved versions of aQrate are available: aQrate v8.2 Patch 43 and aQrate v10.1 Patch 8. After the update, editing the PHP script is no longer possible because of a new setting.