Lucene search
MitreCVELIST:CVE-2024-23749HistoryFeb 09, 2024 - 12:00 a.m.
CVE-2024-23749
2024-02-0900:00:00
mitre
www.cve.org
1
kitty vulnerability
command injection
input sanitization
code execution
0.001 Low
EPSS
Percentile
24.0%
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
Related
packetstorm
packetstorm
KiTTY 0.76.1.13 Command Injection
2024-02-08 00:00:00
zdt
zdt
KiTTY 0.76.1.13 Command Injection Exploit
2024-02-08 00:00:00
KiTTY 0.76.1.13 - Command Injection Exploit
2024-03-14 00:00:00
alpinelinux
alpinelinux
CVE-2024-23749
2024-02-09 08:15:08
cve
cve
CVE-2024-23749
2024-02-09 08:15:08
osv
osv
CVE-2024-23749
2024-02-09 08:15:08
prion
prion
Command injection
2024-02-09 08:15:00
nvd
nvd
CVE-2024-23749
2024-02-09 08:15:08
exploitdb
exploitdb
KiTTY 0.76.1.13 - Command Injection
2024-03-14 00:00:00