PT-2024-35743 · Whapa · Whapa
B16F00T
·
Published
2024-12-05
·
Updated
2024-12-11
·
CVE-2024-53442
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
whapa version 1.59
Description
The issue concerns command injection via a crafted filename in the HTML reports component. This allows for potential exploitation through manipulated file names.
Recommendations
For whapa version 1.59, consider restricting access to the HTML reports component until a patch is available. As a temporary workaround, avoid using crafted filenames to minimize the risk of command injection.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Whapa