Submit #644954: simstudioai https://github.com/simstudioai/sim <=1.0.0 Remote Code Executioninfo

Titelsimstudioai https://github.com/simstudioai/sim <=1.0.0 Remote Code Execution
BeschreibungThe RCE vulnerability was discovered on /api/function/execute in latest version of SIM. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code.
Quelle⚠️ https://github.com/simstudioai/sim/issues/961
Benutzer
 ZAST.AI (UID 87884)
Einreichung31.08.2025 15:24 (vor 9 Monaten)
Moderieren08.09.2025 11:55 (8 days later)
StatusAkzeptiert
VulDB Eintrag323058 [SimStudioAI sim bis 1.0.0 route.ts code erweiterte Rechte]
Punkte18

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!