An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.
The vulnerability affects the exportpdf.php component included in the Panalog platform for analyzing large datasets. An attacker can send a specially crafted request to this component without needing any permissions. As a result, it is possible to execute arbitrary code on the server running the application.
An attacker can take full control of the server, gaining access to stored data, modifying it, or causing system unavailability. The vulnerability enables a complete breach of the platform's confidentiality, integrity, and availability.
Patches available from the manufacturer should be applied according to the references. It is recommended to urgently isolate the system from the public network and restrict access to the exportpdf.php component at the firewall or web server level until the update is deployed.
Beijing Panabit Network Software Co., Ltd Panalog — big data analytics platform in version 20240323 and earlier.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H