PT-2023-26064 · Xalpha · Xalpha

Leeyangee · Published 2023-07-11 · Updated 2023-07-18 · CVE-2023-37659

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: xalpha version 0.11.4

Description: The issue concerns Remote Command Execution (RCE) due to improper validation of user input, which is not checked to ensure it contains numerical values before being evaluated.

Recommendations: For xalpha version 0.11.4, ensure that user input is properly validated to prevent RCE attacks, specifically by checking that input values are numerical before evaluation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
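
One way to apply the recommendation above, as an added example that is not xalpha's code or a project fix: untrusted fields are matched against a strict numeric pattern and converted with `Decimal` instead of being evaluated. The function names, field names and sample values are hypothetical.

```python
"""Added example: parse a numeric field without evaluating it."""
import re
from decimal import Decimal, InvalidOperation

# Strict allow-list: optional sign, ASCII digits, optional fraction, optional exponent.
_NUMERIC = re.compile(r"[+-]?(?:\d+(?:\.\d*)?|\.\d+)(?:[eE][+-]?\d+)?", re.ASCII)


class NonNumericInput(ValueError):
    """Raised when an untrusted field is not a plain number."""


def parse_number(raw, *, max_len=64):
    """Return a Decimal for a numeric string; never evaluate the input as code."""
    if not isinstance(raw, str):
        raise NonNumericInput(f"expected str, got {type(raw).__name__}")
    text = raw.strip()
    if not text or len(text) > max_len:
        raise NonNumericInput("empty or oversized field")
    # fullmatch anchors both ends, so trailing text or an embedded newline is rejected.
    if not _NUMERIC.fullmatch(text):
        raise NonNumericInput(f"not a number: {text!r}")
    try:
        return Decimal(text)
    except InvalidOperation as exc:
        raise NonNumericInput(f"not a number: {text!r}") from exc


def parse_fields(fields):
    """Split a mapping of raw fields into accepted values and rejected field names."""
    accepted, rejected = {}, []
    for name, raw in fields.items():
        try:
            accepted[name] = parse_number(raw)
        except NonNumericInput:
            rejected.append(name)
    return accepted, rejected


# Constructed sample input: field names and values are illustrative only.
SAMPLE = {
    "nav": "1.2345",
    "change": "-0.8e-2",
    "expr": "2**8",        # an expression that eval() would compute
    "call": "abs(-1)",     # a function call that eval() would execute
    "trailing": "1.0\nfoo",
}
```

Rejected field names are worth logging, since a non-numeric value in a field that should only ever hold a number is a useful detection signal.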

Exploit

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2023-37659
GHSA-JX3Q-5RGF-VRRR
PYSEC-2023-116

Affected Products

Xalpha