CVE-2024-46506 Information

Description

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement as exploited in the wild in May 2025. This is related to settings.php and util.php.

Reference

https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/ https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/