CVE-2024-48766 Information
May 14, 2025
Description
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.
Reference
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netalertx_file_read.rb
https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/