Submeter #644954: simstudioai https://github.com/simstudioai/sim <=1.0.0 Remote Code Executioninformação

Títulosimstudioai https://github.com/simstudioai/sim <=1.0.0 Remote Code Execution
DescriçãoThe RCE vulnerability was discovered on /api/function/execute in latest version of SIM. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code.
Fonte⚠️ https://github.com/simstudioai/sim/issues/961
Utilizador
 ZAST.AI (UID 87884)
Submissão31/08/2025 15h24 (há 9 meses)
Moderação08/09/2025 11h55 (8 days later)
EstadoAceite
Entrada VulDB323058 [SimStudioAI sim até 1.0.0 route.ts code Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!