CVE-2024-3798

CVSS V2 None CVSS V3 None
Description
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery. This issue affects Phoniebox in all releases through 2.7. Newer releases were not tested, but they might also be vulnerable.
Overview
  • CVE ID
  • CVE-2024-3798
  • Assigner
  • CERT-PL
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-07-10T11:59:10.637Z
  • Last Modified Date
  • 2024-07-10T14:46:29.447Z
References
History
Created Old Value New Value Data Type Notes
2024-07-11 13:02:39 Added to TrackCVE