CVE-2024-9150: Code Injection in Wyn Enterprise

8.7 CVSS

Description

The report generation functionality in Wyn Enterprise allows for code inclusion, but does not sufficiently limit what code might be included. An attacker is able to use a low-privileged account to abuse this functionality and execute malicious code, load DLL libraries and execute OS commands on the host system with the application's high privileges.
This issue has been fixed in version 8.0.00204.0.

Classification

CVE ID: CVE-2024-9150

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem Types

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

Affected Products

Vendor: Wyn Enterprise

Product: Wyn Enterprise

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 11.91% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-22 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-9150
https://www.wynenterprise.com/
https://cert.pl/en/posts/2025/02/CVE-2024-9150
https://efigo.pl/blog/cve-2024-9150/

Timeline