제출 #602373: xiaoyunjie openvpn-cms-flask 1.2.7 Command Injection정보

제목	xiaoyunjie openvpn-cms-flask 1.2.7 Command Injection
설명	An authenticated remote code execution vulnerability exists in the OpenVPN user creation endpoint (app/api/v1/openvpn.py), allowing privileged users to execute arbitrary commands through malicious username parameters. Details can be found in https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24.
원천	⚠️ https://github.com/xiaoyunjie/openvpn-cms-flask/issues/24
사용자	Tritium (UID 50779)
제출	2025. 06. 22. PM 04:25 (10 개월 ago)
모더레이션	2025. 06. 27. PM 01:03 (5 days later)
상태	수락
VulDB 항목	314091 [xiaoyunjie openvpn-cms-flask 까지 1.2.7 User Creation Endpoint /app/api/v1/openvpn.py create_user 사용자 이름 권한 상승]
포인트들	17

Do you need the next level of professionalism?

Upgrade your account now!