Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-3799
HistoryJul 10, 2024 - 12:15 p.m.

CVE-2024-3799

2024-07-1012:15:10
CWE-78
[email protected]
web.nvd.nist.gov
2
phoniebox
post parameter
remote code execution
cve-2024-3799
open-source project

EPSS

0.001

Percentile

16.6%

JSON

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a shell command execution.

This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable.
Phoniebox in version 3.0 and higher are not affected.

Related

cvelist 1
vulnrichment 1
cve 1
osv 1
cvelist
cvelist
CVE-2024-3799 Shell command injection in Phoniebox
2024-07-10 11:59:23
vulnrichment
vulnrichment
CVE-2024-3799 Shell command injection in Phoniebox
2024-07-10 11:59:23
cve
cve
CVE-2024-3799
2024-07-10 12:15:10
osv
osv
CVE-2024-3799
2024-07-10 12:15:10

EPSS

0.001

Percentile

16.6%

JSON
Related for NVD:CVE-2024-3799
cvelist1vulnrichment1cve1osv1