CVE-2024-43404 | NicPWNs MEGABOT up to 1.4.x /math eval expression neutralization of directives (ID 137)

Inserito da Angelo Barbosa | Ago 20, 2024 | CVE

A vulnerability classified as very critical was found in NicPWNs MEGABOT up to 1.4.x. Affected by this vulnerability is the function eval of the file /math. The manipulation of the argument expression leads to improper neutralization of directives in dynamically evaluated code (‘eval injection’).

This vulnerability is known as CVE-2024-43404. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-43404 | NicPWNs MEGABOT up to 1.4.x /math eval expression neutralization of directives (ID 137)

Post correlati

CVE-2023-51141 | ZKTeco BioTime up to 8.5.4 Authorization Component information disclosure

CVE-2023-49132 | Siemens Solid Edge SE2023 up to 223.0 Update 9 PAR File uninitialized pointer (ssa-589891)

CVE-2024-2451 | TeamViewer Remote Full Client/Remote Host prior 15.54 signature verification

CVE-2023-42871 | Apple iOS/iPadOS prior 17.0 memory corruption