Lucene search

JpcertCVELIST:CVE-2024-28033

HistoryMar 26, 2024 - 9:34 a.m.

CVE-2024-28033

2024-03-2609:34:07

jpcert

www.cve.org

vulnerability

webproxy

os command injection

remote attacker

arbitrary command

privilege escalation

web server

developer

unreachable

unauthenticated

cve-2024-28033

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

JSON

OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9.

CNA Affected

[
  {
    "vendor": "LunarNight Laboratory",
    "product": "WebProxy",
    "versions": [
      {
        "version": "1.7.8",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "LunarNight Laboratory",
    "product": "WebProxy",
    "versions": [
      {
        "version": "1.7.9",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN22376992/