CVE-2024-27708
Unknown
Unknown - Not Provided
Iframe Injection in MyNET β€ v26.06 Enables Remote Code Execution
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: MITRE
Description
Description
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mynet | mynet | 26.06 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-75 | The product does not adequately filter user-controlled input for special elements with control implications. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an iframe injection flaw in airc.pt/solucoes-servicos.solucoes MyNET version 26.06 and earlier. It allows a remote attacker to execute arbitrary code by manipulating the 'src' parameter, potentially injecting malicious content into the iframe.
How can this vulnerability impact me? :
The vulnerability can have severe impacts including remote code execution, which can lead to complete compromise of the affected system. It can result in loss of confidentiality, integrity, and availability of data and services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70