OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171649/Sleuthkit-4.11.1-Command-Injection.html | |
http://www.binaryworld.it/ | Exploit Vendor Advisory |
https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639 | Broken Link |
Configurations
History
11 Apr 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Mar 2024, 02:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-24 02:15
Updated : 2024-08-03 15:15
NVD link : CVE-2022-45639
Mitre link : CVE-2022-45639
CVE.ORG link : CVE-2022-45639
JSON object : View
Products Affected
sleuthkit
- the_sleuth_kit
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')