PT-2026-28725 · Elecv2 · Elecv2
Zast.Ai
·
Published
2026-03-28
·
Updated
2026-03-29
·
CVE-2026-5011
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
elecV2 versions prior to 3.8.4
Description
A code injection issue exists in the JSON Parser component due to manipulation of the
rawcode argument within the runJSFile function of the /webhook file. Remote exploitation is possible. The project was informed of the issue but has not responded.Recommendations
Update to version 3.8.4 or later.
Exploit
Fix
Special Elements Injection
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Elecv2