CVE-2024-4748 Information

Description

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server.  The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server.

Reference

https://cert.pl/en/posts/2024/06/CVE-2024-4748 https://cert.pl/posts/2024/06/CVE-2024-4748 https://github.com/jan-vandenberg/cruddiy/issues/67