Issues of pondzikk (1 result)
The URL GET parameter `{logtime}` used in the [downloadlog](https://github.com/PiBrewing/craftbeerpi4/blob/1f645a835c32fc0133c14fbbeead41f55a387465/cbpi/controller/system_controller.py#L67) function in /cbpi/controller/system_controller.py is subsequently passed to [os.system](https://github.com/PiBrewing/craftbeerpi4/blob/1f645a835c32fc0133c14fbbeead41f55a387465/cbpi/controller/system_controller.py#L84) in /cbpi/http_endpoints/http_system.py without prior validation, allowing arbitrary code to be executed. Vulnerability exists...