Description
A command injection vulnerability exists in the screenshot API of the Web Check project (Lissy93/web-check) prior to <your patched version or commit hash>. The issue stems from user-controlled input (url) being passed unsanitized into a shell command using exec(), allowing attackers to execute arbitrary system commands on the underlying host.
This could be exploited by sending crafted url parameters such as $(cat /etc/passwd) to extract files or even establish remote access.
The vulnerability has been patched by replacing exec() with execFile(), which avoids using a shell and properly isolates arguments.
Impact
Remote Code Execution (RCE)
Affected Component
screenshot.js (specifically the directChromiumScreenshot function)
Severity
Critical (CVSS 9.8) — Remote execution, no auth required, network exploitable
Patched Version / Commit:
#243
Solution
Update to the latest version (2.0.1) or apply commit 0e4958a which replaces exec() with execFile() and avoids shell interpolation.
Description
A command injection vulnerability exists in the
screenshotAPI of the Web Check project (Lissy93/web-check) prior to<your patched version or commit hash>. The issue stems from user-controlled input (url) being passed unsanitized into a shell command usingexec(), allowing attackers to execute arbitrary system commands on the underlying host.This could be exploited by sending crafted
urlparameters such as$(cat /etc/passwd)to extract files or even establish remote access.The vulnerability has been patched by replacing
exec()withexecFile(), which avoids using a shell and properly isolates arguments.Impact
Remote Code Execution (RCE)
Affected Component
screenshot.js(specifically thedirectChromiumScreenshotfunction)Severity
Critical (CVSS 9.8) — Remote execution, no auth required, network exploitable
Patched Version / Commit:
#243
Solution
Update to the latest version (2.0.1) or apply commit 0e4958a which replaces
exec()withexecFile()and avoids shell interpolation.