Vulnerability Description
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mocodo | Mocodo Online | <= 4.2.6 |
Related Weaknesses (CWE)
References
- https://chocapikk.com/posts/2024/mocodo-vulnerabilities/ExploitThird Party Advisory
- https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2Product
- https://chocapikk.com/posts/2024/mocodo-vulnerabilities/ExploitThird Party Advisory
- https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2Product
FAQ
What is CVE-2024-35374?
CVE-2024-35374 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection...
How severe is CVE-2024-35374?
CVE-2024-35374 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-35374?
Check the references section above for vendor advisories and patch information. Affected products include: Mocodo Mocodo Online.