CVE-2024-46310

CRITICAL NUCLEI

Cfx.re FXServer <v9601 - Info Disclosure

Title source: llm

Description

Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint

Nuclei Templates (1)

FXServer < v9601 - Information Exposure

MEDIUMVERIFIEDby s4e-io

References (2)

[Various Sources] http://cfxre.com

[Various Sources] https://github.com/PRX5Y/CVE-2024-46310

Scores

CVSS v3 9.1

EPSS 0.8300

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-281

Status published

Published Jan 13, 2025

Tracked Since Feb 18, 2026