9.9
CVE-2024-21663
- EPSS 1.54%
- Veröffentlicht 09.01.2024 00:15:44
- Zuletzt bearbeitet 21.11.2024 08:54:49
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginRemote code execution on ReconServer due to improper input sanitization on the prips command
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Demon1a ≫ Discord-recon SwPlatformdiscord Version < 0.0.8
Demon1a ≫ Discord-recon Version0.0.8 Updatebeta SwPlatformdiscord
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.54% | 0.716 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a
https://github.com/DEMON1A/Discord-Recon/issues/23
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7