Security Advisory

CVE-2024-4748

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-24 13:52:12

Last updated 2024-10-10 15:36:20

Assigner CERT-PL

State PUBLISHED

Description

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server.

← Browse all CVEs View on cve.org ↗