RCE in Phoniebox
CVE-2024-3798
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to mul…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.005 (37.6th percentile)
Affected products
- Phoniebox — versions 0, 3.0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (issue-tracking)