CVE-2023-46117

Name of the Vulnerable Software and Affected Versions reconFTW versions prior to 2.7.1.1

Description A vulnerability has been identified in reconFTW where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious Content Security Policy (CSP) entry on its own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system.

Recommendations For versions prior to 2.7.1.1, upgrade to version 2.7.1.1 to address the issue. As a temporary workaround, consider restricting the use of the subdomain scanning feature until the upgrade is applied. Avoid using the tool for automated recon on untrusted domains until the issue is resolved.