CVE-2024-50707

Published: Mar 4, 2025Modified: May 28, 2025

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.

Affected (2)

Products: Uniguest: Tripleplay

Uniguest

1 product

Tripleplay

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Uniguest Tripleplay	Before 24.1.2
Uniguest Tripleplay	Version 24.2

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://uniguest.com/cve-bulletins/

Source: cve@mitre.org

Vendor Advisory

https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50707-Vulnerability-Summary.pdf

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.