We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | CERTVDE |
Reserved | 2024-06-06 |
Published | 2024-07-03 |
Updated | 2024-08-01 |
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Sebastian Dietz
CyberDanube
https://cert.vde.com/en/advisories/VDE-2024-030
https://cert.vde.com/en/advisories/VDE-2024-032
http://seclists.org/fulldisclosure/2024/Jul/6