CVE-2024-3955 – URL GET parameter “logtime” utilized within the “downloadlog” function from …

2 May 2024

Vuln ID: CVE-2024-3955

Published: 2024-05-02 10:15:08.630

Description: URL GET parameter “logtime” utilized within the “downloadlog” function from “cbpi/http_endpoints/http_system.py” is subsequently passed to the “os.system” function in “cbpi/controller/system_controller.py” without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4: from 4.0.0.58 (commit 563fae9) before 4.4.1.a1 (commit 57572c7).

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

2 May 2024

Categorie(s):

NVD

Tag(s):

NVD

One big problem SOC teams can actually solve with AI17 May 2024
Unpacking XDR: Coverage, stitching, accregation — and the GenAI wildcard17 May 2024
The enterprise browser: The first win-win-win for CISOs, CIOs and end users17 May 2024
SailPoint’s approach to unified identity security for the modern enterprise17 May 2024
AI-generated code top cloud security concern amid 100% use rate in survey17 May 2024