Description
OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9.
Published: 2024-03-26
Score: 7.3 High
EPSS: 1.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

No history.

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2024-08-02T17:11:00.897Z

Reserved: 2024-03-05T04:06:08.243Z

Link: CVE-2024-28033

cve-icon Vulnrichment

Updated: 2024-08-02T00:48:47.724Z

cve-icon NVD

Status : Deferred

Published: 2024-03-26T10:15:09.070

Modified: 2026-06-17T07:20:50.600

Link: CVE-2024-28033

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')