CVE-2024-58278
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IndigoSTAR Software | perl2exe | 0 <= V30.10C | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/51825
- https://www.indigostar.com/
- https://www.indigostar.com/download/p2x-30.10-Linux-x64-5.30.1.tar.gz
- https://www.vulncheck.com/advisories/indigostar-software-perl2exe-v3010c-arbitrary-code-execution
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.