9 matches found

OSV
added 3 days ago | 4 views

PYSEC-2026-308 CraftBeerPi 4 allows arbitrary code execution

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing arbitrary code execution. This issue affects CraftBeerPi 4:...

CVSS 9.8 | AI score 6.1 | EPSS 0.01139
Exploits: 0 | References: 7
GitHub Security Blog
added 2024/05/02 12:30 p.m. | 16 views

CraftBeerPi 4 allows arbitrary code execution

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing arbitrary code execution. This issue affects CraftBeerPi 4:...

CVSS 9.8 | AI score 7.6 | EPSS 0.01139
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/05/02 12:30 p.m. | 10 views

GHSA-4F92-W438-F484 CraftBeerPi 4 allows arbitrary code execution

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing arbitrary code execution. This issue affects CraftBeerPi 4:...

CVSS 9.8 | AI score 9.7 | EPSS 0.01139
Exploits: 0 | References: 5
NVD
added 2024/05/02 10:15 a.m. | 8 views

CVE-2024-3955

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code. This issue affects CraftBeerPi 4:...

CVSS 9.8 | AI score 7.2 | EPSS 0.01139
Exploits: 0 | References: 3
Vulnrichment
added 2024/05/02 9:43 a.m. | 12 views

CVE-2024-3955 Arbitrary code execution in CraftBeerPi 4

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code. This issue affects CraftBeerPi 4:...

AI score 7.5 | EPSS 0.01139
Exploits: 0 | References: 3
Cvelist
added 2024/05/02 9:43 a.m. | 15 views

CVE-2024-3955 Arbitrary code execution in CraftBeerPi 4

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code. This issue affects CraftBeerPi 4:...

AI score 7.5 | EPSS 0.01139
Exploits: 0 | References: 3
CVE
added 2024/05/02 9:43 a.m. | 60 views

CVE-2024-3955

CVE-2024-3955 affects CraftBeerPi 4 up to 4.4.1.a1. The issue arises when the URL parameter logtime in the downloadlog endpoint is passed from cbpi/http_endpoints/http_system.py to os.system in cbpi/controller/system_controller.py without validation, allowing arbitrary code execution. Multiple co...

CVSS 9.8 | AI score 7.5 | EPSS 0.01139
Exploits: 0 | References: 3
CNNVD
added 2024/05/02 12:0 a.m. | 4 views

CraftBeerPi Security Vulnerability

CraftBeerPi is an open source software solution for PiBrewing individual developers. A security vulnerability exists in CraftBeerPi versions 4.0.0.58 through 4.4.1.a1 that originates from the execution of arbitrary code without prior authentication...

CVSS 9.8 | AI score 7.4 | EPSS 0.01139
Exploits: 0 | References: 4
Positive Technologies
added 2024/05/02 12:0 a.m. | 6 views

PT-2024-28526

Name of the Vulnerable Software and Affected Versions: CraftBeerPi 4 versions 4.0.0.58 through 4.4.1.a1. Description: The issue arises from the URL GET parameter logtime being utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py". This parameter is subsequently passed ...

CVSS 9.8 | AI score 6 | EPSS 0.01139
Exploits: 0 | References: 11