JpcertCVE-2024-28033CVE-2024-28033
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
9.0%
OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lunarnight_laboratory | webproxy | 1.7.8 | cpe:2.3:a:lunarnight_laboratory:webproxy:1.7.8:*:*:*:*:*:*:* |
| lunarnight_laboratory | webproxy | 1.7.9 | cpe:2.3:a:lunarnight_laboratory:webproxy:1.7.9:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "LunarNight Laboratory",
"product": "WebProxy",
"versions": [
{
"version": "1.7.8",
"status": "affected"
}
]
},
{
"vendor": "LunarNight Laboratory",
"product": "WebProxy",
"versions": [
{
"version": "1.7.9",
"status": "affected"
}
]
}
]References
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
9.0%