CVE-2024-32651 – changedetection.io is an open source web page change detection, website watcher, restock …

26 April 2024

Vuln ID: CVE-2024-32651

Published: 2024-04-26 00:15:08.550

Description: changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn’t required by the application (not by default and not enforced).

Base Score: 10 – CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

26 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components6 May 2024
Change Healthcare Ransomware Attack: A chronological timeline6 May 2024
Proofpoint enhances email security with pre-delivery social engineering and link protection6 May 2024
Can AI tools help reduce Zoom fatigue?6 May 2024
Hackers Use Custom Backdoor & Powershell Scripts to Attack Windows Machines6 May 2024