CVE-2024-28892

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 21, 2024
CWE ID 78

Summary

CVE-2024-28892 is a newly disclosed vulnerability affecting GoCast version 1.1.3. The weakness lies in the name parameter, which is susceptible to OS command injection. A maliciously crafted HTTP request can exploit this vulnerability, enabling an attacker to execute arbitrary commands without authentication. This poses a significant risk as it allows unauthorized access and control over the targeted system.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share