AI Score
Confidence
Low
EPSS
Percentile
9.0%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product.
[
{
"cpes": [
"cpe:2.3:a:keisuke_nakayama:awkblog:*:*:*:*:*:*:*:*"
],
"vendor": "keisuke_nakayama",
"product": "awkblog",
"versions": [
{
"status": "affected",
"version": "v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier"
}
],
"defaultStatus": "unknown"
}
]