Command Injection in sofianehamlaoui/lockdoor-framework


Reported on

May 28th 2021

✍️ Description

Unsanitized user input leads to command injection in multiple scripts.

🕵️‍♂️ Proof of Concept

payload = ;id

💥 Impact

The command runs as root, so it could do potential damage.

x3rz submitted a
a year ago
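The injection pattern described in the report, next to a hardened form, as an added example that is not code from the lockdoor-framework repository or from the reporter. It assumes a Python script that passes a user-supplied target to an external tool; `echo` stands in for that tool, and the function names and the target allowlist are hypothetical.

```python
import re
import subprocess

# Assumption: the script expects a hostname or IPv4 address as its target.
TARGET_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")


def run_vulnerable(target: str) -> str:
    """Input concatenated into a shell command line (the reported pattern)."""
    # `echo` is a constructed stand-in for the tool a script would launch.
    proc = subprocess.run("echo scanning " + target, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_no_shell(target: str) -> str:
    """Argument vector, no shell: the input stays one argv element."""
    proc = subprocess.run(["echo", "scanning", target],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def validate_target(target: str) -> str:
    """Allowlist: rejects shell metacharacters and a leading '-' (option injection)."""
    if not TARGET_RE.fullmatch(target):
        raise ValueError(f"invalid target: {target!r}")
    return target


def run_hardened(target: str) -> str:
    """Validate first, then execute without a shell."""
    return run_no_shell(validate_target(target))


if __name__ == "__main__":
    payload = ";id"  # payload from the report
    print("shell=True :", run_vulnerable(payload).splitlines())
    print("argv list  :", run_no_shell(payload).splitlines())
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened   :", exc)
    print("hardened   :", run_hardened("example.com").splitlines())
```

With `shell=True` the `;` ends the intended command and `id` runs as a second one; in the argv form the same string is passed through as literal text, and the allowlist rejects it before anything is executed.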
Jamie Slome
a year ago


For reference:

I am manually marking as valid and will confirm the fix too.

Jamie Slome validated this vulnerability a year ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome confirmed that a fix has been merged on 59e427 a year ago
x3rz has been awarded the fix bounty