Skip to content

Instantly share code, notes, and snippets.

@Raybye

Raybye/CVE-2024-29435.md

Last active March 26, 2024 01:28
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Raybye/ea3a46adc5ea51e659c42218f05153fa to your computer and use it in GitHub Desktop.
Save Raybye/ea3a46adc5ea51e659c42218f05153fa to your computer and use it in GitHub Desktop.
Download ZIP
CVE-2024-29435
Raw
CVE-2024-29435.md

[CVE ID]
CVE-2024-29435

[PRODUCT]
Alldata-V0.4.6

[VERSION]
Alldata-V0.4.6

[PROBLEM TYPE]
Command execution vulnerability

[DESCRIPTION]
When the system calls the kill command to shut down a process, due to the lack of detection of the processId parameter, attackers can concatenate any system command into the processId parameter. When the system executes the kill command, the concatenated system command is executed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment