Executive Summary

Informations
Name CVE-2024-3798 First vendor Publication 2024-07-10
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.

This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. Phoniebox in version 3.0 and higher are not affected.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3798

Sources (Detail)

https://cert.pl/en/posts/2024/07/CVE-2024-3798
https://cert.pl/posts/2024/07/CVE-2024-3798
https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2024-11-25 09:24:03
  • Multiple Updates
2024-07-12 17:27:23
  • Multiple Updates
2024-07-11 17:27:23
  • Multiple Updates
2024-07-10 17:27:24
  • First insertion