CVE-2023-26129

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions bwm-ng (affected versions not specified)

Description The issue is related to Command Injection due to improper input sanitization in the check function in the bwm-ng.js file. To potentially exploit this, an attacker needs the ability to run Node.js code within the target environment, which typically requires some level of access to the system or application hosting the Node.js environment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2023-26129

GHSA-8VW3-VXMJ-H43W

Affected Products

Bwm-Ng

CVE-2023-26129

Weakness Enumeration

Related Identifiers

Affected Products

References · 8