CVE-2024-53305

CVSS v4.0

8.9

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Name of the Vulnerable Software and Affected Versions Whoogle search version 0.9.0

Description The issue allows attackers to execute arbitrary code via supplying a crafted search query in the /models/config.py component.

Recommendations For Whoogle search version 0.9.0, consider restricting access to the config.py module to minimize the risk of exploitation until a patch is available.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2024-53305

GHSA-2689-CW26-6CPJ

Affected Products

Whoogle Search

CVE-2024-53305

Weakness Enumeration

Related Identifiers

Affected Products

References · 11