How severe is CVE-2024-29185?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2024-29185?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2024-29185

CRITICAL Year: 2024

CVSS v3 Score

9.0

Critical

Weakness Type

CWE-78

View all →

Vulnerability Description

FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity to be High. If an attacker gets hold of the `App_Key`, the attacker can compromise the Complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue.

CVE-2015-8557

CRITICAL

CVSS:9.0(Critical)

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

CWE-782015

CVE-2017-17055

CRITICAL

CVSS:9.0(Critical)

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.u...

CWE-782017

CVE-2019-10149

CRITICAL

CVSS:9.0(Critical)

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

CWE-782019

CVE-2019-17625

CRITICAL

CVSS:9.0(Critical)

There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field w...

CWE-782019

CVE-2019-18839

CRITICAL

CVSS:9.0(Critical)

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. W...

CWE-782019

CVE-2019-18873

CRITICAL

CVSS:9.0(Critical)

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request...

CWE-782019

CVE-2024-29185

Vulnerability Description

Related Vulnerabilities

CVE-2015-8557

CVE-2017-17055

CVE-2019-10149

CVE-2019-17625

CVE-2019-18839

CVE-2019-18873