Cyber Resilience

CVE-2024-48445

Critical

Published: 04 February 2025

Modified: 15 April 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1555 (94.8th percentile)
Risk Priority: 29 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-48445 is a critical-severity Improper Authentication (CWE-287) vulnerability in Packetstorm (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 5.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-48445 is an improper authentication vulnerability in compop.ca ONLINE MALL version 3.5.3. The flaw permits remote code execution through the rid, tid, et, and ts parameters and carries a CVSS 3.1 score of 9.8.

A remote attacker with no credentials or user interaction can supply crafted values to these parameters, resulting in arbitrary code execution on the affected server and full compromise of confidentiality, integrity, and availability.

The two provided references point to the same Packet Storm entry that appears to contain exploit material, but neither reference nor the CVE record itself supplies patch, mitigation, or workaround guidance. The associated EPSS score has remained flat at 0.1555 with no indicated rise after disclosure.

Vulnerability details

An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct RCE in an unauthenticated, public-facing web application maps to exploitation of a public-facing application for initial access and code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71279 (Shared CWE-287)
CVE-2024-13804 (Shared CWE-287)
CVE-2024-57046 (Shared CWE-287)
CVE-2026-1203 (Shared CWE-287)
CVE-2026-1740 (Shared CWE-287)
CVE-2025-43995 (Shared CWE-287)
CVE-2026-7876 (Shared CWE-287)
CVE-2025-0637 (Shared CWE-287)
CVE-2025-61882 (Shared CWE-287)
CVE-2026-0589 (Shared CWE-287)

Affected Assets

Packetstorm
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific flaw in compop.ca ONLINE MALL v3.5.3 enabling arbitrary code execution via manipulated parameters.

prevent

Validates inputs such as rid, tid, et, and ts parameters to block malicious data leading to remote code execution.

prevent

Enforces proper identification and authentication for non-organizational users, mitigating the improper authentication (CWE-287) that allows unauthenticated exploitation.
