Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2024/05/02 12:30 p.m.18 views

CraftBeerPi 4 allows arbitrary code execution

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing arbitrary code execution. This issue affects CraftBeerPi 4:...

9.8CVSS7.6AI score0.01139EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/02 9:43 a.m.12 views

CVE-2024-3955 Arbitrary code execution in CraftBeerPi 4

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4:...

7.5AI score0.01139EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/02 9:43 a.m.21 views

CVE-2024-3955 Arbitrary code execution in CraftBeerPi 4

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4:...

7.5AI score0.01139EPSS
Exploits0References3
CVE
CVE
added 2024/05/02 9:43 a.m.61 views

CVE-2024-3955

CVE-2024-3955 affects CraftBeerPi 4 up to 4.4.1.a1. The issue arises when the URL parameter logtime in the downloadlog endpoint is passed from cbpi/http_endpoints/http_system.py to os.system in cbpi/controller/system_controller.py without validation, allowing arbitrary code execution. Multiple co...

9.8CVSS7.5AI score0.01139EPSS
Exploits0References3
Rows per page
Query Builder