Description
This Flask web application is running in Debug Mode. Even though the interactive debugger does not work in forking environments (which makes it nearly impossible to use on production servers), it still allows the execution of arbitrary code. This makes it a major security risk and therefore it must never be used on production machines.
Remediation
Debug Mode must never be used on production machines. Disable Debug Mode before deploying the application.