PT-2022-16126 · Unknown · Itunesrpc-Remastered

Benjjvi

Published

2022-02-04

Updated

2022-02-11

CVE-2022-23611

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions iTunesRPC-Remastered versions prior to the version containing commit cdcd48b

Description The issue arises from improper sanitization of image file paths, leading to OS-level command injection. Users are advised to upgrade to a patched version.

Recommendations For versions prior to the one containing commit cdcd48b, upgrade to a version that includes the patch from commit cdcd48b to resolve the issue.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2022-23611

GHSA-MJV7-R62P-VHHG

Affected Products

Itunesrpc-Remastered

PT-2022-16126 · Unknown · Itunesrpc-Remastered

CVE-2022-23611

Weakness Enumeration

Related Identifiers

Affected Products

References · 5