```python
os.system('journalctl --since "{} hours ago" -u craftbeerpi.service > {}'.format(logtime, fullname))
```
The URL GET parameter `logtime`, read by the `downloadlog` function in cbpi/http_endpoints/http_system.py, is passed on to the `os.system` call in cbpi/controller/system_controller.py without any validation. Because the value is interpolated into a shell command string, it allows arbitrary command execution.
The vulnerability exists from version 4.0.0.58 (commit 563fae9).
Affected location: craftbeerpi4/cbpi/controller/system_controller.py, line 61 at commit 988f19e.
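As an added example (not craftbeerpi4's own code), the same log export done without a shell: the `logtime` request value is constrained to a bounded integer and `journalctl` is started through an argument list, so the parameter is never parsed as part of a command. The names `validate_logtime`, `build_journalctl_cmd`, `export_unit_log` and the `MAX_HOURS` bound are hypothetical.

```python
# Added example, not the project's code. `logtime` and `fullname` mirror the
# parameters used on the vulnerable line; the function names are hypothetical.
import subprocess

MAX_HOURS = 24 * 365  # hypothetical upper bound for a sane "hours ago" window


def validate_logtime(value):
    """Return the request parameter as a bounded positive integer.

    Only a plain decimal string is accepted, so spaces, quotes or other
    shell metacharacters are rejected before any command is built.
    """
    if not isinstance(value, str) or not value.isdigit():
        raise ValueError("logtime must be a positive integer number of hours")
    hours = int(value)
    if not 1 <= hours <= MAX_HOURS:
        raise ValueError("logtime out of range")
    return hours


def is_valid_logtime(value):
    """Boolean form of validate_logtime, convenient for request handlers."""
    try:
        validate_logtime(value)
        return True
    except ValueError:
        return False


def build_journalctl_cmd(hours):
    """Argument list for subprocess: each element is one argv entry, and
    no shell is involved, so the value cannot split into extra commands."""
    return ["journalctl", "--since", f"{hours} hours ago", "-u", "craftbeerpi.service"]


def export_unit_log(logtime, fullname):
    """Hardened equivalent of the vulnerable line: validate the input, run
    journalctl without a shell and write its stdout to `fullname`."""
    hours = validate_logtime(logtime)
    with open(fullname, "wb") as out:
        subprocess.run(build_journalctl_cmd(hours), stdout=out, check=True)
```

Redirecting stdout through `subprocess.run` also removes the shell `>` redirection, so `fullname` is no longer part of a command string either.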