CVE-2024-10035
9.8 CRITICALImproper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Inject...
Published: 2024-11-04 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-77, CWE-78, CWE-94
Affected products
| Vendor | Product |
|---|---|
| bg-tek | coslat |
Description
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-4105 — Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion (9.8 CRITICAL)
Same CWE
- CVE-2026-12176 — A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 (4.3 MEDIUM)
- CVE-2026-46716 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (9.9 CRITICAL)
- CVE-2026-54057 — Kitty is a cross-platform GPU based terminal
- CVE-2026-42853 — ApostropheCMS is an open-source Node.js content management system (6.5 MEDIUM)
- CVE-2026-12130 — A security flaw has been discovered in CodeAstro Human Resource Management System 1.0 (3.5 LOW)