Description

This Flask web application is running in Debug Mode. Even though the interactive debugger does not work in forking environments (which makes it nearly impossible to use on production servers), it still allows the execution of arbitrary code. This makes it a major security risk and therefore it must never be used on production machines.

Remediation

Debug Mode must never be used on production machines. Disable Debug Mode before deploying the application.

References

Flask Debug Mode

Related Vulnerabilities

Remote code execution vulnerability in WordPress Duplicator

Cacti Unauthenticated Command Injection (CVE-2022-46169)

RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)

WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)

WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)

Severity

High

Classification

CWE-489 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Code Execution