A vulnerability classified as critical has been found in PiBrewing CraftBeerPi up to 4.4.1. It affects the function downloadlog in the file cbpi/http_endpoints/http_system.py, part of the GET Parameter Handler component. Manipulating the argument logtime leads to code injection.

This vulnerability is handled as CVE-2024-3955. The attack can only be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.