Nette Plugins Remote Command Execution On Laravel

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023100012

Below is a copy:

Nette Plugins Remote Command Execution On Laravel
Packages nette/application versions prior to 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette versions prior to 2.0.19 and 2.1.13 are vulnerable to a code injection attack: passing specially formed parameters in the URL may possibly lead to RCE.

Example:
https://domain.com/nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1

Impact:
Code injection, possible remote code execution.

Patches:
Fixed in nette/application 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette 2.0.19 and 2.1.13
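
A way to check a project's composer.lock against the fixed versions listed above. This is an added example, not part of the original advisory; the sample lock content is constructed, and treating branches outside the listed ones as vulnerable only when older than the oldest listed fix is an assumption.

```python
import json
import re

# Fixed releases per package, as listed in the advisory above.
FIXED = {
    "nette/application": [(2, 2, 10), (2, 3, 14), (2, 4, 16), (3, 0, 6)],
    "nette/nette": [(2, 0, 19), (2, 1, 13)],
}

def parse_version(text):
    """Return (major, minor, patch), or None for versions such as dev-master."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def status(package, version_text):
    """Classify a locked package: vulnerable, patched, unknown or not-listed."""
    fixed = FIXED.get(package)
    if fixed is None:
        return "not-listed"
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # dev branches and pre-releases need manual review
    for f in fixed:
        if f[:2] == v[:2]:  # same release branch: compare with that branch's fix
            return "vulnerable" if v < f else "patched"
    # Assumption: a branch older than the oldest listed fix never received one;
    # a branch not listed and not older is treated as already containing the fix.
    return "vulnerable" if v < min(fixed) else "patched"

def audit_lock(lock_text):
    """Map each affected package found in composer.lock content to its status."""
    data = json.loads(lock_text)
    pkgs = data.get("packages", []) + data.get("packages-dev", [])
    return {p["name"]: status(p["name"], p["version"])
            for p in pkgs if p["name"] in FIXED}

# Constructed sample standing in for a real composer.lock file.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "nette/application", "version": "v2.4.15"},
        {"name": "laravel/framework", "version": "v8.0.0"},
    ],
    "packages-dev": [{"name": "nette/nette", "version": "v2.1.13"}],
})

if __name__ == "__main__":
    for name, result in audit_lock(SAMPLE_LOCK).items():
        print(f"{name}: {result}")
```

To audit a real project, pass the contents of its composer.lock to `audit_lock` in place of `SAMPLE_LOCK`.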

Copyright ©2024 Exploitalert.
