VYPR
Critical severity9.8NVD Advisory· Published Jan 7, 2025· Updated Jul 5, 2026

CVE-2024-50658

CVE-2024-50658

Description

Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file

Affected products

2
  • AdPortal/AdPortalcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =3.0.39

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.