CVE-2024-44809

Sept. 3, 2024, 10:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Pi Camera project

  • 1.0

Source

cve@mitre.org

Tags

CVE-2024-44809 details

Published : Sept. 3, 2024, 10:15 p.m.
Last Modified : Sept. 3, 2024, 10:15 p.m.

Description

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
This website uses the NVD API, but is not approved or certified by it.