Loomio version 2.22.0 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to OS Command Injection.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2024-02-19T23:41:47.207Z
Updated: 2024-08-28T19:46:53.377Z
Reserved: 2024-02-06T21:45:03.994Z
Link: CVE-2024-1297
Vulnrichment
Updated: 2024-08-01T18:33:25.342Z
NVD
Status : Awaiting Analysis
Published: 2024-02-20T00:15:14.463
Modified: 2024-02-20T19:50:53.960
Link: CVE-2024-1297
Redhat
No data.