RCE in Phoniebox

CVE-2024-3799

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to mu…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.146 (96.2th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References