Impact
An operating‑system command injection flaw exists in the /manage/features/media module of kanishka-linux Reminiscence v0.3.0. The flaw allows an attacker to supply crafted input that is passed directly to the shell, enabling arbitrary command execution. An attacker who can reach the vulnerable interface could compromise confidentiality, integrity, and availability of the affected system.
Affected Systems
The only product explicitly referenced is kanishka-linux Reminiscence version 0.3.0. No additional vendor or product details are available from the data.
Risk and Exploitability
The CVSS score of 8.1 indicates high severity, while the EPSS score of 1% indicates a low but non‑negligible exploitation probability. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, via the web component, and requires the attacker to supply a malicious payload to the /manage/features/media endpoint. If successful, the attacker can run arbitrary commands on the host.
OpenCVE Enrichment