Description

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

Remediation

References

CVE-2024-3566

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2364)

WordPress Plugin Docket Cache-Object Cache Accelerator Cross-Site Scripting (21.08.01)

WordPress Plugin WP Legal Pages Cross-Site Scripting (1.0.1)

ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2051)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7984)

Severity

Critical

Classification

CVE-2024-3566 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities