Main Vulnerability Database Vulnerabilities #VU24228

OS Command Injection in treekill - #VU24228

Published: January 13, 2020

Vulnerability identifier: #VU24228

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: N/A

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: fengmk2

Affected software:
treekill

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient sanitization of values passed to the kill function. A remote attacker can execute arbitrary commands on the target server.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://www.npmjs.com/advisories/1433

OS Command Injection in treekill - #VU24228

Detailed vulnerability description

Remediation

Sources

Please verify you're human