daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix colon issue

patch-1
Dhiyaneshwaran 2023-08-21 12:34:08 +05:30 committed by GitHub
parent 8501e5e280
commit 629618952b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
http/vulnerabilities/other/maltrail-rce.yaml
View File

@ -7,7 +7,7 @@ info:
description: | description: |
The subprocess.check_output function in mailtrail/core/http.py contains a command injection vulnerability in the params.get("username")parameter. The subprocess.check_output function in mailtrail/core/http.py contains a command injection vulnerability in the params.get("username")parameter.
An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication. An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication.
remediation : Fixed in 0.55 Version remediation: Fixed in 0.55 Version
reference: reference:
- https://huntr.dev/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87/ - https://huntr.dev/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87/
- https://github.com/stamparm/maltrail/commit/a299967318cc226c18a6a07d1be708e3f21edd39 - https://github.com/stamparm/maltrail/commit/a299967318cc226c18a6a07d1be708e3f21edd39