CVE-2024-0795
Published: 2024-03-02
Priority: P345 | Severity: high | CVSS 3.1 base score: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.95% (56.6th percentile)
If an attacker was given access to an instance with the admin or manager role, there is no backend authentication that would prevent the attacker from creating a new user with an `admin` role and then using this new account to obtain elevated privileges on the instance.
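The missing server-side check, as an added illustration that is not anything-llm's own code: the role names, the request shape and the handler functions are assumptions, but the point is the one the advisory describes, that the caller's own role must bound the role it is allowed to assign.

```javascript
// Added example (hypothetical handler, not the project's code). Role names
// "default", "manager" and "admin" are assumed for illustration.
const ROLE_RANK = { default: 0, manager: 1, admin: 2 };

// A caller may assign only roles strictly below its own rank; admins may also
// create other admins. A manager can therefore never mint an admin account.
function canAssignRole(actorRole, targetRole) {
  if (!(actorRole in ROLE_RANK) || !(targetRole in ROLE_RANK)) return false;
  if (actorRole === "admin") return true;
  return ROLE_RANK[targetRole] < ROLE_RANK[actorRole];
}

// Vulnerable shape: the server only checks that the caller is admin or
// manager, then trusts whatever role the request body names.
function createUserVulnerable(actor, body, store) {
  if (!["admin", "manager"].includes(actor.role)) return { status: 403 };
  const user = { username: body.username, role: body.role || "default" };
  store.push(user);
  return { status: 200, user };
}

// Hardened shape: same gate, plus an explicit comparison of the requested
// role against the caller's role, enforced on the backend rather than in the UI.
function createUserHardened(actor, body, store) {
  if (!["admin", "manager"].includes(actor.role)) return { status: 403 };
  const requested = body.role || "default";
  if (!canAssignRole(actor.role, requested)) {
    return { status: 403, error: `role ${actor.role} may not assign ${requested}` };
  }
  const user = { username: body.username, role: requested };
  store.push(user);
  return { status: 200, user };
}

// Constructed scenario: a manager-level caller submits a request naming "admin".
const manager = { username: "m", role: "manager" };
const request = { username: "new-admin", role: "admin" };
console.log(createUserVulnerable(manager, request, []).status); // 200
console.log(createUserHardened(manager, request, []).status);   // 403
```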
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mintplex-labs | mintplex-labs_anything-llm | >= unspecified < 1.0.0 | 1.0.0 |
| mintplexlabs | anythingllm | < 1.0.0 | 1.0.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | 3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
No detection rules found.
Nuclei
CVE-2024-10443 [CRITICAL] Synology BeeStation BST150-4T - Unauthenticated Command Injection (nuclei · CVSS 9.8)
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
Template:
```yaml
id: CVE-2024-10443
info:
  name: Synology BeeStation BST150-4T - Unauthenticated Command Injection
  author: iamnoooob,pdresearch
  severity: critical
  description: |
    Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote att
```
No writeups or analysis indexed.
References:
- https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564
- https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec