Critical severity9.9NVD Advisory· Published Sep 7, 2023· Updated Jun 17, 2026
CVE-2023-39424
CVE-2023-39424
Description
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: 1.0.0.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.