Vulnerability Description
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| J11G | Cruddiy | <= 202312.1 |
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/06/CVE-2024-4748Third Party Advisory
- https://cert.pl/posts/2024/06/CVE-2024-4748Third Party Advisory
- https://github.com/jan-vandenberg/cruddiy/issues/67Issue Tracking
- https://cert.pl/en/posts/2024/06/CVE-2024-4748Third Party Advisory
- https://cert.pl/posts/2024/06/CVE-2024-4748Third Party Advisory
- https://github.com/jan-vandenberg/cruddiy/issues/67Issue Tracking
FAQ
What is CVE-2024-4748?
CVE-2024-4748 is a vulnerability with a CVSS score of 8.8 (HIGH). The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched local...
How severe is CVE-2024-4748?
CVE-2024-4748 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-4748?
Check the references section above for vendor advisories and patch information. Affected products include: J11G Cruddiy.