Remote Code Execution Vulnerability in Inducer by Inducer Corp
CVE-2024-32407

8.8HIGH

Key Information:

Vendor: Inducer Corp
Status: Inducer
Vendor: CVE Published:; 22 April 2024

🔔 Create Inducer Corp Vulnerability Alert

What is CVE-2024-32407?

A vulnerability exists in Inducer prior to version 2024.1, which allows a remote attacker to exploit the Page Sandbox feature. By sending a specially crafted payload, the attacker can execute arbitrary code on the affected system, potentially compromising the integrity and confidentiality of the data. This provides attackers with elevated privileges and control, making it critical for users to update to the latest version to safeguard against potential exploitation.

References

https://book.hacktricks.xyz/v/jp/pentesting-web/ssti-serv...

https://cxsecurity.com/issue/WLB-2024040049

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2024
Vulnerability Reserved
Apr 12, 2024

CVE-2024-32407 Data

JSON