CVE-2024-48766

Summary

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.

Affected Software

VendorProductVersion RangeStatus
NetAlertXNetAlertX24.7.18 < 24.10.12affected

Weaknesses

  • CWE-698: CWE-698 Execution After Redirect (EAR)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References