A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.
Metrics
Affected Vendors & Products
References
History
Wed, 04 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Recantha
Recantha pi Camera Project |
|
Weaknesses | CWE-20 | |
CPEs | cpe:2.3:a:recantha:pi_camera_project:*:*:*:*:*:*:*:* | |
Vendors & Products |
Recantha
Recantha pi Camera Project |
|
Metrics |
cvssV3_1
|
Tue, 03 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-09-03T00:00:00
Updated: 2024-09-04T13:35:17.037Z
Reserved: 2024-08-21T00:00:00
Link: CVE-2024-44809
Vulnrichment
Updated: 2024-09-04T13:35:06.043Z
NVD
Status : Awaiting Analysis
Published: 2024-09-03T22:15:04.590
Modified: 2024-09-04T14:35:12.707
Link: CVE-2024-44809
Redhat
No data.