7 matches found
OS Command Injection
github.com/olivetin/olivetin is vulnerable to OS Command Injection. The vulnerability is due to improper handling of user input in the ParseRequestURI function in service/internal/executor/arguments.go, which allows an attacker to inject and execute arbitrary operating system commands...
CVE-2025-50946
A flaw was found in github.com/olivetin/olivetin. The ParseRequestURI function in service/internal/executor/arguments.go is vulnerable to an OS command injection, allowing an attacker to execute arbitrary commands on the system. This occurs when processing a crafted URI. A remote attacker can...
GHSA-P3QF-84RG-JXFC OliveTin OS Command Injection vulnerability
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the ParseRequestURI function in the arguments.go file. An attacker can execute arbitrary operating system commands by supplying crafted input to the affected process. Remediation: Upgrade...
PT-2025-33034
Name of the Vulnerable Software and Affected Versions: Olivetin version 2025.4.22. Description: OS Command Injection exists in Custom Themes through the ParseRequestURI function located in service/internal/executor/arguments.go. Recommendations: At the moment, there is no information about a newer...
CVE-2025-50946
Summary: CVE-2025-50946 is an OS command injection vulnerability in OliveTin’s ParseRequestURI function (service/internal/executor/arguments.go) used by OliveTin 2025.4.22. Exploitation allows an unauthenticated attacker to execute arbitrary OS commands via crafted URIs. The vulnerability is conf...
OliveTin Security Vulnerability
OliveTin is an open source web application. A security vulnerability exists in OliveTin version 2025.4.22, which stems from an OS command injection in the ParseRequestURI function in service/internal/executor/arguments.go...