CVE-2024-43989
Published 2024-09-23
CVE-2024-43989: Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid. This issue affects Justified Image Grid: from n/a through…
Priority P3 · 54 · high · 7.5 CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
EPSS: 12.23% (95.7th percentile)
Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid. This issue affects Justified Image Grid: from n/a through <= 4.6.1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| firsh | justified_image_grid | <= 4.6.1 | — |
Suricata
ET WEB_SPECIFIC_APPS Tuoshi set_timesetting ntpserver Parameter Command Injection Attempt (CVE-2025-43989)
suricata·2026-01-06·CVSS 6.5
CVE-2024-43989 [MEDIUM] ET WEB_SPECIFIC_APPS Tuoshi set_timesetting ntpserver Parameter Command Injection Attempt (CVE-2025-43989)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Tuoshi set_timesetting ntpserver Parameter Command Injection Attempt (CVE-2025-43989)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:23; content:"/goform/formJsonAjaxReq"; http.request_body; content:"|22|action|22 3a 22|set_timesetting|22|"; fast_pattern; content:"|22|ntpserver"; pcre:"/\x22ntpserver[01]\x22(?:\x3a(?:\x20\x22|\x22))?[^\x2c\x7d$]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/"; reference:url,github.com/actuator/cve/tree/main/Tuoshi; reference:cve,2024-43989; classtype:attempted-admin; sid:2066604; rev:1; metadata:affected_product Tuoshi, a
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-09-23