Skip to content

Instantly share code, notes, and snippets.

View CwithW's full-sized avatar

Chara White CwithW

17 followers · 0 following
View GitHub Profile
@CwithW
CwithW / main.md
Last active March 27, 2024 07:34
Subconverter v0.7.2 unauthorized RCE

Subconverter v0.7.2 unauthorized RCE

Software Link(Subconverter): https://github.com/tindy2013/subconverter

Affected versions: Subconverter v0.7.2, < v0.7.2-ce8d2bd

Description

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows unauthorized attackers to execute arbitrary code via crafted config and url parameters.