Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-3798
HistoryJul 10, 2024 - 12:15 p.m.

CVE-2024-3798

2024-07-1012:15:09
CWE-78
CWE-79
CWE-352
[email protected]
web.nvd.nist.gov
13
cve-2024-3798
insecure handling
get header parameter
phoniebox
open-source project
malicious requests
local network
shell command execution
reflected xss
cross-site request forgery
vulnerability
releases
tested

EPSS

0.001

Percentile

16.6%

JSON

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.

This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. 
Phoniebox in version 3.0 and higher are not affected.

Related

osv 2
vulnrichment 1
cve 1
cvelist 1
osv
osv
CVE-2024-3798
2024-07-10 12:15:09
CVE-2024-3799
2024-07-10 12:15:10
vulnrichment
vulnrichment
CVE-2024-3798 Insecure handling of GET argument in Phoniebox
2024-07-10 11:59:10
cve
cve
CVE-2024-3798
2024-07-10 12:15:09
cvelist
cvelist
CVE-2024-3798 Insecure handling of GET argument in Phoniebox
2024-07-10 11:59:10

EPSS

0.001

Percentile

16.6%

JSON
Related for NVD:CVE-2024-3798
osv2vulnrichment1cve1cvelist1