PT-2024-35500 · Unknown · Iota C.Ai Conversational Platform
Jeremy Chen · Published 2024-11-27 · Updated 2026-03-06
CVE-2024-52959
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H
Name of the Vulnerable Software and Affected Versions
iota C.ai Conversational Platform versions 1.0.0 through 2.1.3
Description
A code injection vulnerability in the plugin management of iota C.ai Conversational Platform allows remote authenticated users to execute arbitrary system commands via a DLL file. This issue is related to improper control of code generation.
Recommendations
For versions 1.0.0 through 2.1.3, consider disabling the plugin management feature to prevent exploitation until a patch is available. Restrict access to the DLL file to minimize the risk of arbitrary system command execution.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Iota C.Ai Conversational Platform