Command Injection in sofianehamlaoui/lockdoor-framework

Valid

Reported on May 28th 2021


✍️ Description

Unsanitized user input leads to command injection in multiple scripts.

🕵️‍♂️ Proof of Concept

payload = ;id

https://drive.google.com/file/d/1ZPy_CaSyDbD2-gQK43DKlAHkFxi8lmgh/view?usp=sharing

💥 Impact

The command runs as root, so it could do potential damage.
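The pattern behind this class of bug, as an added example (not Lockdoor's code and not the fix from the referenced commit): a hypothetical Python script that passes user input to a shell, run with the report's `;id` payload beside a hardened form. `echo` stands in for the wrapped tool, and the function names and the target allowlist are assumptions.

```python
import re
import subprocess

TOOL = "echo"  # constructed stand-in for the external tool a script launches

def run_vulnerable(target: str) -> str:
    """'Before' pattern: user input concatenated into a shell command line."""
    # The shell treats ';' as a command separator, so the payload ';id'
    # ends the echo command and starts a second command, `id`.
    proc = subprocess.run(f"{TOOL} scanning {target}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout

# Assumed allowlist for a host/IP style argument: must start with an
# alphanumeric (so it cannot be read as an option such as '-x') and may
# contain only characters that occur in hostnames and IP addresses.
_TARGET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.:-]{0,252}")

def validate_target(target: str) -> str:
    """Reject anything outside the allowlist before it reaches a tool."""
    if not _TARGET_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    return target

def run_hardened(target: str) -> str:
    """'After' pattern: argv list and no shell, so input stays one argument."""
    proc = subprocess.run([TOOL, "scanning", target],
                          capture_output=True, text=True, check=True)
    return proc.stdout

if __name__ == "__main__":
    payload = ";id"  # payload from the report
    print("vulnerable:", run_vulnerable(payload).splitlines())
    print("hardened:  ", run_hardened(payload).splitlines())
    try:
        run_hardened(validate_target(payload))
    except ValueError as exc:
        print("validated: ", exc)
```

Dropping `shell=True` removes the injection; the allowlist is a second layer that also stops option-style arguments from reaching the tool.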

x3rz submitted a
2 years ago
Jamie Slome
2 years ago

Admin


For reference:

https://github.com/SofianeHamlaoui/Lockdoor-Framework/pull/17

I am manually marking as valid and will confirm the fix too.

Jamie Slome validated this vulnerability 2 years ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome marked this as fixed with commit 59e427 2 years ago
x3rz has been awarded the fix bounty
This vulnerability will not receive a CVE