Skip to main content

    Impact of the CVE-2024-22076 vulnerability on our products

    I. Vulnerability summary

     

    Product:

    aQrate by UTAX
     

    Description:

    The following vulnerability has been identified for aQrate: CVE-2024-22076. Unauthenticated remote code execution is possible. Attackers can edit the PHP script for aQrate and remotely execute unauthenticated code. The potential risk: Remote execution of unauthenticated code poses a risk of data leakage and malicious activity in web applications.
     

    II. Solution

     
    As a countermeasure, an improved version of aQrate is available: aQrate v8.2 Patch 43 and aQrate v10.1 Patch 8. After the update, editing the PHP script is no longer possible due to a new setting.