Typora 1.7.4 Command Injection

CVE: CVE-2021-39364
Category: CWE-78
Price: $5,000
Severity: High
Author: Victor Maurya
Risk: Critical
Exploitation Type: Remote
Date: 2024-02-02
CPE: cpe:cpe:/a:typora:typora:1.7.4
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020015

Below is a copy:

Typora 1.7.4 Command Injection
# Exploit Title: Typora v1.7.4 - OS Command Injection
# Discovered by: Ahmet Ümit BAYRAM
# Discovered Date: 13.09.2023
# Vendor Homepage: http://www.typora.io
# Software Link: https://download.typora.io/windows/typora-setup-ia32.exe
# Tested Version: v1.7.4 (latest)
# Tested on: Windows 2019 Server 64bit

# # #  Steps to Reproduce # # #

# Open the application
# Click on Preferences from the File menu
# Select PDF from the Export tab
# Check the run command at the bottom right and enter your reverse shell command into the opened box
# Close the page and go back to the File menu
# Then select PDF from the Export tab and click Save
# Reverse shell is ready!
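
A defender's view of the steps above, as an added example that is not part of the original advisory: if the configured run command is launched by the editor at export time (an assumption here), it appears in process-creation telemetry as a child of the editor. The code assumes Sysmon-style `Image`, `ParentImage` and `CommandLine` fields and a Windows binary named `Typora.exe`; the events and paths are constructed samples.

```python
import ntpath

# Assumption: the application binary is named Typora.exe on Windows.
PARENT_NAME = "typora.exe"
# Interpreters that a document editor has no routine reason to launch.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                    "cscript.exe", "mshta.exe", "rundll32.exe"}

def basename(path):
    """Lower-cased file name of a Windows path, independent of host OS."""
    return ntpath.basename(path.strip('"')).lower()

def classify(event):
    """Return 'alert', 'review' or None for one process-creation event."""
    if basename(event.get("ParentImage", "")) != PARENT_NAME:
        return None
    child = basename(event.get("Image", ""))
    if child == PARENT_NAME:
        return None  # Electron helper processes re-launch the same binary
    return "alert" if child in SUSPECT_CHILDREN else "review"

def triage(events):
    """Return (verdict, child image, command line) for events worth a look."""
    out = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            out.append((verdict, ev.get("Image", ""), ev.get("CommandLine", "")))
    return out

# Constructed sample events (not taken from a real host).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Typora\Typora.exe",
     "Image": r"C:\Program Files\Typora\Typora.exe",
     "CommandLine": "Typora.exe --type=renderer"},
    {"ParentImage": r"C:\Program Files\Typora\Typora.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /d /s /c "echo constructed-sample"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    {"ParentImage": r"C:\Program Files\Typora\Typora.exe",
     "Image": r"C:\Tools\convert.exe",
     "CommandLine": "convert.exe out.pdf"},
]

if __name__ == "__main__":
    for verdict, image, cmdline in triage(SAMPLE_EVENTS):
        print(f"[{verdict}] {image} :: {cmdline}")
```

Children outside the interpreter list are returned as `review` rather than dropped, since a legitimate post-export helper and an unwanted one look the same until the command line is read.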

