CVE-2024-28892
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 21, 2024
CWE ID 78
Summary
CVE-2024-28892 is a newly disclosed vulnerability affecting GoCast version 1.1.3. The weakness lies in the name parameter, which is susceptible to OS command injection. A maliciously crafted HTTP request can exploit this vulnerability, enabling an attacker to execute arbitrary commands without authentication. This poses a significant risk as it allows unauthorized access and control over the targeted system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share