[CVE ID]
CVE-2024-29435
[PRODUCT]
Alldata-V0.4.6
[VERSION]
Alldata-V0.4.6
[PROBLEM TYPE]
Command execution vulnerability
[DESCRIPTION]
When the system calls the kill command to shut down a process, due to the lack of detection of the processId parameter, attackers can concatenate any system command into the processId parameter. When the system executes the kill command, the concatenated system command is executed.