Critical severity9.8OSV Advisory· Published Oct 24, 2024· Updated Apr 15, 2026
CVE-2024-41617
CVE-2024-41617
Description
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The redirect_if_not_loggedin function in functions_security.php fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v1.0.1, v1.0.2, v1.0.3, …+ 1 more
- (no CPE)range: v1.0.1, v1.0.2, v1.0.3, …
- (no CPE)range: <=1.2.2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.