VYPR
Critical severity10.0NVD Advisory· Published May 13, 2025· Updated Jun 17, 2026

CVE-2024-46506

CVE-2024-46506

Description

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Range: 23.01.14 through 24.x before 24.10.12
  • NetAlertX/NetAlertXllm-fuzzy2 versions
    23.01.14 through 24.x before 24.10.12+ 1 more
    • (no CPE)range: 23.01.14 through 24.x before 24.10.12
    • (no CPE)range: 23.01.14

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.