5 matches found
CVE-2023-28627
pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...
CVE-2023-28627
CVE-2023-28627 affects pymedusa prior to 1.0.12. An attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings, leading to arbitrary OS command execution as the pymedusa user. The vulnerability arises from allowing modification of the g...
CVE-2023-28627 OS Command Injection via GIT_PATH in pymedusa
pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...
CVE-2023-28627 OS Command Injection via GIT_PATH in pymedusa
pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...
CVE-2023-28627 OS Command Injection via GIT_PATH in pymedusa
pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...