Advertisement






7 Sticky Notes 1.9 Command Injection

CVE Category Price Severity
CVE-2020-28038 CWE-78 $500 Critical
Author Risk Exploitation Type Date
Unknown High Remote 2024-02-02
CVSS
CVSS:4.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020013

Below is a copy:

7 Sticky Notes 1.9 Command Injection
# Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection
# Discovered by: Ahmet mit BAYRAM
# Discovered Date: 12.09.2023
# Vendor Homepage: http://www.7stickynotes.com
# Software Link:
http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe
# Tested Version: 1.9 (latest)
# Tested on: Windows 2019 Server 64bit

# # #  Steps to Reproduce # # #

# Open the program.
# Click on "New Note".
# Navigate to the "Alarms" tab.
# Click on either of the two buttons.
# From the "For" field, select "1" and "seconds" (to obtain the shell
within 1 second).
# From the "Action" dropdown, select "command".
# In the activated box, enter the reverse shell command and click the "Set"
button to set the alarm.
# Finally, click on the checkmark to save the alarm.
# Reverse shell obtained!

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.