Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-0297

🗓️ 14 Jan 2023 00:00:00Reported by @huntrdevType 
cve
 cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 246 Views🌐 WEB

Code injection vulnerability in pyload repository before version 0.5.0b3.dev31.

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Code Injection in Pyload
9 Jan 202311:44
githubexploit
GithubExploit		Exploit for Code Injection in Pyload
21 May 202317:09
githubexploit
GithubExploit		Exploit for Code Injection in Pyload
15 Jun 202314:28
githubexploit
GithubExploit		Exploit for Code Injection in Pyload
15 Feb 202306:28
githubexploit
GithubExploit		Exploit for Code Injection in Pyload
4 Oct 202412:03
githubexploit
0day.today		pyLoad js2py Python Execution Exploit
27 Feb 202300:00
zdt
0day.today		PyLoad 0.5.0 - Pre-auth Remote Code Execution Exploit
17 Jun 202300:00
zdt
Huntr		Pre-auth RCE
1 Jan 202315:02
huntr
Information Security Automation		Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
23 Apr 202323:11
avleonov
Circl		CVE-2023-0297
17 Jan 202310:44
circl
Rows per page
NVD
Node
pyloadpyloadRange0.4.20
[
  {
    "vendor": "pyload",
    "product": "pyload/pyload",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.5.0b3.dev31",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
jkrequest bodyflash/addcrypted2Pre-auth RCE via js2py pyimport injection in POST to flash/addcrypted2; injects Python/OS commands through jk parameter.CWE-94
cryptedrequest bodyflash/addcrypted2Pre-auth RCE via js2py pyimport injection in POST to flash/addcrypted2; injects Python/OS commands through jk parameter.CWE-94
packagerequest bodyflash/addcrypted2Pre-auth RCE via js2py pyimport injection in POST to flash/addcrypted2; injects Python/OS commands through jk parameter.CWE-94
passwordsrequest bodyflash/addcrypted2Pre-auth RCE via js2py pyimport injection in POST to flash/addcrypted2; injects Python/OS commands through jk parameter.CWE-94

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 07:36Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.8
CVSS 39.8
EPSS0.9294
SSVC
CWE-94
In Wild
code injection vulnerability pyload repository version 0.5.0b3.dev31
246