Enviar #602373: xiaoyunjie openvpn-cms-flask 1.2.7 Command Injectioninformación

Títuloxiaoyunjie openvpn-cms-flask 1.2.7 Command Injection
DescripciónAn authenticated remote code execution vulnerability exists in the OpenVPN user creation endpoint (app/api/v1/openvpn.py), allowing privileged users to execute arbitrary commands through malicious username parameters. Details can be found in https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24.
Fuente⚠️ https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24
Usuario
 Tritium (UID 50779)
Sumisión2025-06-22 16:25 (hace 10 meses)
Moderación2025-06-27 13:03 (5 days later)
EstadoAceptado
Entrada de VulDB314091 [xiaoyunjie openvpn-cms-flask hasta 1.2.7 User Creation Endpoint /app/api/v1/openvpn.py create_user Nombre de usuario escalada de privilegios]
Puntos17

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!