OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171649/Sleuthkit-4.11.1-Command-Injection.html | |
http://www.binaryworld.it/ | Exploit Vendor Advisory |
https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639 | Broken Link |
Configurations
History
11 Apr 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
Summary | OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line. |
03 Apr 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2023, 15:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
01 Feb 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line. |
31 Jan 2023, 15:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
CPE | cpe:2.3:a:sleuthkit:the_sleuth_kit:4.11.1:*:*:*:*:*:*:* | |
References | (MISC) https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639 - Broken Link | |
References | (MISC) http://www.binaryworld.it/ - Exploit, Vendor Advisory | |
First Time |
Sleuthkit the Sleuth Kit
Sleuthkit |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
24 Jan 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-24 02:15
Updated : 2024-04-11 01:17
NVD link : CVE-2022-45639
Mitre link : CVE-2022-45639
CVE.ORG link : CVE-2022-45639
JSON object : View
Products Affected
sleuthkit
- the_sleuth_kit
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')