CVE-2024-6424 Information

Description

External server-side request vulnerability in MESbook 20221021.03 version which could allow a remote unauthenticated attacker to exploit the endpoint /api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST\ or /api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST\ to read the source code of web files read internal files or access network resources.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-mesbook