RCE in Phoniebox
CVE-2024-3799
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to mu…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.146 (96.2nd percentile)
Affected products
- Phoniebox — versions 0, 3.0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (issue-tracking)