PT-2024-24027 · Soflyy · Soflyy Oxygen Builder
Snicco · Published 2024-04-03 · Updated 2024-08-26 · CVE-2024-31380
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Soflyy Oxygen Builder versions prior to 4.9
Description
An Improper Control of Generation of Code ('Code Injection') issue in Soflyy Oxygen Builder allows code injection. The issue is critical and can be exploited remotely. The vendor has reportedly ignored the issue and refused to patch it.
Recommendations
For versions prior to 4.9, update to a newer version as soon as possible to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable component until a patch is available.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Soflyy Oxygen Builder