CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-31601

CVSS 9.8v3.1pub. 2024-04-26upd. 2026-04-15

An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.

πŸ€– AI Analysis
How it works

The vulnerability affects the exportpdf.php component included in the Panalog platform for analyzing large datasets. An attacker can send a specially crafted request to this component without needing any permissions. As a result, it is possible to execute arbitrary code on the server running the application.

Impact

An attacker can take full control of the server, gaining access to stored data, modifying it, or causing system unavailability. The vulnerability enables a complete breach of the platform's confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. It is recommended to urgently isolate the system from the public network and restrict access to the exportpdf.php component at the firewall or web server level until the update is deployed.

Who is affected

Beijing Panabit Network Software Co., Ltd Panalog β€” big data analytics platform in version 20240323 and earlier.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References
CVE-2024-31601 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl