CVE-2024-57348

Name of the Vulnerable Software and Affected Versions: PecanProject pecan versions 1.7.2 through 1.8.0

Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload to the hostname, sitegroupid, lat, lon, and sitename parameters. This enables the attacker to perform unauthorized actions on the affected system.

Recommendations: For PecanProject pecan versions 1.7.2 through 1.8.0, consider restricting access to the vulnerable parameters hostname, sitegroupid, lat, lon, and sitename to minimize the risk of exploitation until a patch is available. Avoid using these parameters in crafted payloads to prevent arbitrary code execution.