| Title | https://github.com/exelban Stats < v2.11.22 Local Privilege Escalation |
|---|
| Description | The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The XPC server does not enforce client validation, and exposed methods are vulnerable to multiple command injection vulnerabilities. As a result, any client can connect to the XPC server and call vulnerable methods to execute arbitrary command as root. |
|---|
| Source | ⚠️ https://winslow1984.com/books/cve-collection/page/stats-v21122-local-privilege-escalation |
|---|
| User | winslow1984 (UID 79140) |
|---|
| Submission | 01/01/2025 11:02 PM (3 months ago) |
|---|
| Moderation | 01/11/2025 08:17 PM (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 291269 [exelban stats up to 2.11.21 XPC Service shouldAcceptNewConnection command injection] |
|---|
| Points | 18 |
|---|