जमा करें #779173: elecV2 <=3.8.3 Remote Code Executionजानकारी

शीर्षकelecV2 <=3.8.3 Remote Code Execution
विवरणRemote Code Execution (RCE) vulnerability in elecV2P via the /webhook endpoint. The /webhook endpoint accepts a rawcode parameter that is passed directly to runJSFile(). When JSON parsing fails, utils/string.js evaluates the input using new Function("return " + str), enabling arbitrary JavaScript execution including child_process calls. Confirmed via DNS callback.
स्रोत⚠️ https://github.com/elecV2/elecV2P/issues/195
उपयोगकर्ता
 ZAST.AI (UID 87884)
सबमिशन13/03/2026 05:27 AM (4 महीनों पहले)
संयम27/03/2026 03:11 PM (14 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि353896 [elecV2 elecV2P तक 3.8.3 JSON Parser /webhook runJSFile rawcode अधिकार वृद्धि]
अंक19

Do you want to use VulDB in your project?

Use the official API to access entries easily!