A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.
History

Wed, 04 Sep 2024 14:30:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Recantha; Recantha pi Camera Project
Weaknesses          |                | CWE-20
CPEs                |                | cpe:2.3:a:recantha:pi_camera_project:*:*:*:*:*:*:*:*
Vendors & Products  |                | Recantha; Recantha pi Camera Project
Metrics             |                | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
                    |                | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Sep 2024 21:30:00 +0000

Type        | Values Removed | Values Added
Description |                | A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-03T00:00:00

Updated: 2024-09-04T13:35:17.037Z

Reserved: 2024-08-21T00:00:00

Link: CVE-2024-44809

Vulnrichment

Updated: 2024-09-04T13:35:06.043Z

NVD

Status: Awaiting Analysis

Published: 2024-09-03T22:15:04.590

Modified: 2024-09-04T14:35:12.707

Link: CVE-2024-44809

Redhat

No data.