CVE-2024-12358 | WeiYe-Jing datax-web 2.1.1 /api/job/add/ glueSource os command injection

Inserito da Angelo Barbosa | Dic 8, 2024 | CVE

A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection.

This vulnerability is uniquely identified as CVE-2024-12358. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2024-12358 | WeiYe-Jing datax-web 2.1.1 /api/job/add/ glueSource os command injection

Post correlati

CVE-2024-0751 | Mozilla Firefox up to 115.6 Devtool Extension Privilege Escalation

CVE-2023-49356 | MP3Gain 1.6.2 apetag.c WriteMP3GainAPETag stack-based overflow

CVE-2024-49223 | Shibu Lijack CJ Change Howdy Plugin up to 3.3.1 on WordPress cross-site request forgery

CVE-2024-39381 | Adobe After Effects AVI File Parser out-of-bounds write (ZDI-24-1202)