RCE in Phoniebox

CVE-2024-3798

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to mul…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.005 (37.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References