CVE-2023-7116 | WeiYe-Jing datax-web 2.1.2 HTTP POST Request /api/log/killJob processId os command injection

Inserito da Angelo Barbosa | Dic 27, 2023 | CVE

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection.

This vulnerability is handled as CVE-2023-7116. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2023-7116 | WeiYe-Jing datax-web 2.1.2 HTTP POST Request /api/log/killJob processId os command injection

Post correlati

CVE-2024-43304 | Cool Plugins Cryptocurrency Widgets Plugin up to 2.8.0 on WordPress cross site scripting

CVE-2024-20028 | MediaTek MT8512 Da out-of-bounds write (ALPS08541632)

CVE-2024-2413 | Intumit SmartRobot up to 6.1.2-202212tw hard-coded key

CVE-2024-39408 | Adobe Commerce/Magento Open Source up to 2.4.4-p9/2.4.5-p8/2.4.6-p6/2.4.7-p1 cross-site request forgery (apsb24-61)