Skip to main content

    Safety-relevant information:

    Impact of the CVE-2024-22076 vulnerability on our products

    I. Vulnerability summary

    Product:
    aQrate by TA Triumph-Adler/UTAX

    Description:
    The following vulnerability has been identified for aQrate: CVE-2024-22076. Unauthenticated remote code execution is possible. Attackers can edit the PHP script for aQrate and remotely execute unauthenticated code. The potential risk: Remote execution of unauthenticated code poses a risk of data leakage and malicious activity in web applications.

    II. Solution

    As a countermeasure, an improved version of aQrate is available: aQrate v8.2 Patch 43 and aQrate v10.1 Patch 8. After the update, editing the PHP script is no longer possible due to a new setting.