NetCat CMS v. 6.4.0.24126.2 and possibly others
Impact: The vulnerability allows to gain a list of valid accounts in the system, which could be a basis for further attacks
Access Vector: Remote
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
6.9
CVE-2024-8651
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system.
Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and on have the patch.
The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)
https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md https://www.cve.org/CVERecord?id=CVE-2024-8651