Description

Rejetto HTTP File Server has a template injection vulnerability. An unauthenticated attacker can execute arbitrary commands on the affected system by sending a specially crafted HTTP request.

Remediation

Upgrade to the latest version of Rejetto HTTP File Server.

References

Rejetto HTTP File Server 2.3m Unauthenticated RCE

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5249)

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7116)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43716)

Apache Traffic Server CVE-2023-30631 Vulnerability (CVE-2023-30631)

PostgreSQL Other Vulnerability (CVE-2005-1409)

Severity

Critical

Classification

CVE-2024-23692 CWE-1336 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities