CVE-2024-3799

CVSS V2 None CVSS V3 None
Description
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a shell command execution. This issue affects Phoniebox in all releases through 2.7. Newer releases were not tested, but they might also be vulnerable.
Overview
  • CVE ID
  • CVE-2024-3799
  • Assigner
  • CERT-PL
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-07-10T11:59:23.581Z
  • Last Modified Date
  • 2024-07-10T11:59:23.581Z
References
History
Created Old Value New Value Data Type Notes
2024-07-11 13:02:39 Added to TrackCVE