Description
Unsanitized input flows into the Process.Start() function, where it is used as a shell command. This results in the ability to execute arbitrary commands on users' machines.
To Reproduce
Can be provided privately or publicly upon request.
Expected behaviour
Input should be validated before flowing into Process.Start() to ensure only expected types/structures of input are executed. More detailed explanation of expected behaviour can be provided privately or publicly upon request.
Screenshots
Can be provided privately or publicly upon request.
Desktop (please complete the following information):
XrmToolbox Version: 1.2023.12.68
Additional context
As this raised issue will be public, I have kept details on the vulnerability vague. If you would prefer to receive the details of the vulnerability privately, we can set up a private communication channel however you prefer. I can also provide the details of the vulnerability in this bug report. Please let me know.
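The following is an added example, not part of the report and not XrmToolBox code, of the kind of validation the "Expected behaviour" section asks for before a value reaches Process.Start(). The report does not say what the input is meant to be; the sketch assumes it should be a web link, and `SafeLauncher`, `TryValidateWebLink` and `OpenWebLink` are hypothetical names.

```csharp
using System;
using System.Diagnostics;

// Added example: hypothetical helper, not taken from the XrmToolBox code base.
public static class SafeLauncher
{
    // Assumption: the only thing the application needs to launch from
    // untrusted input is a web link, so only these schemes are allowed.
    private static readonly string[] AllowedSchemes = { Uri.UriSchemeHttp, Uri.UriSchemeHttps };

    public static bool TryValidateWebLink(string input, out Uri link)
    {
        link = null;
        if (string.IsNullOrWhiteSpace(input)) return false;
        // Must parse as an absolute URI; bare file names and command lines do not.
        if (!Uri.TryCreate(input.Trim(), UriKind.Absolute, out Uri candidate)) return false;
        // Scheme allowlist: local paths and UNC paths parse as file:, and
        // custom protocol handlers carry their own scheme, so all are rejected here.
        if (Array.IndexOf(AllowedSchemes, candidate.Scheme) < 0) return false;
        if (string.IsNullOrEmpty(candidate.Host)) return false;
        link = candidate;
        return true;
    }

    public static bool OpenWebLink(string input)
    {
        if (!TryValidateWebLink(input, out Uri link)) return false;
        var psi = new ProcessStartInfo
        {
            FileName = link.AbsoluteUri, // canonical form of the parsed URI, not the raw string
            UseShellExecute = true       // hands the URL to the default browser
        };
        using (Process.Start(psi)) { }   // Process.Start may return null; using tolerates that
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs: one expected link and several values that must be refused.
        string[] samples = { "https://example.com/docs", "calc.exe",
            "file:///C:/Windows/System32/calc.exe", @"\\host\share\tool.exe",
            @"notepad.exe C:\temp\notes.txt" };
        foreach (string s in samples)
            Console.WriteLine($"{s} -> {(TryValidateWebLink(s, out _) ? "allowed" : "rejected")}");
    }
}
```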