Kaze

**Name of the Vulnerable Software and Affected Versions** CRUDDIY (affected versions not specified) **Description** The issue allows for shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. However, a user with the project running on their computer might visit a website that would send such a malicious request to the locally launched server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.