जमा करें #779174: elecV2 <=3.8.3 Remote Code Executionजानकारी

शीर्षकelecV2 <=3.8.3 Remote Code Execution
विवरणThe /rpc endpoint requires no authentication. The pm2run method concatenates params[0] directly into exec('pm2 start ' + params[0]) without sanitization, enabling OS command injection. Confirmed by reading /etc/passwd from the response.
स्रोत⚠️ https://github.com/elecV2/elecV2P/issues/196
उपयोगकर्ता
 ZAST.AI (UID 87884)
सबमिशन13/03/2026 05:28 AM (4 महीनों पहले)
संयम27/03/2026 03:11 PM (14 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि353897 [elecV2 elecV2P तक 3.8.3 /rpc pm2run अधिकार वृद्धि]
अंक17

Do you know our Splunk app?

Download it now for free!