CVE-2024-21663 CRITICAL

CVE-2024-21663: Remote code execution on ReconServer due to improper input sanitization on the prips command

Vendor Demon1A
Product Discord-Recon
Weakness CWE-20 · Input validation
Published January 8, 2024
Last update September 4, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

Description

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a Discord server. Discord-Recon is vulnerable to remote code execution: an attacker is able to execute shell commands on the server without having an admin role. This vulnerability has been fixed in version 0.0.8.
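The advisory attributes the bug to improper input sanitization of the argument passed to the prips command. The following is an added, constructed example (not Discord-Recon's own code) of the general pattern behind that class of bug and one way to close it: the unsafe form interpolates bot-user text into a shell command line, while the hardened form validates the argument as an IPv4 CIDR block or start/end address pair with the standard library's ipaddress module and passes it to prips as an argv element with no shell involved. The function names, the IPv4-only assumption and the sample inputs are all assumptions of this example.

```python
import ipaddress
import subprocess


def unsafe_prips_command(user_arg: str) -> str:
    """Constructed illustration of the unsafe pattern, for contrast only.

    With shell=True, every character of user_arg is interpreted by /bin/sh,
    so any shell metacharacter in the bot command becomes a shell command.
    """
    return f"prips {user_arg}"


def build_prips_argv(user_arg: str) -> list[str]:
    """Validate a prips argument and return an argv list (no shell).

    Assumption of this example: prips is given either a single IPv4 CIDR
    block or an IPv4 start and end address.  Anything else, including any
    shell metacharacters, fails address parsing and raises ValueError.
    """
    parts = user_arg.split()
    if len(parts) == 1:
        # strict=True rejects networks with host bits set (e.g. 10.0.0.1/24).
        net = ipaddress.IPv4Network(parts[0], strict=True)
        return ["prips", str(net)]
    if len(parts) == 2:
        start, end = (ipaddress.IPv4Address(p) for p in parts)
        if start > end:
            raise ValueError("start address must not be after end address")
        return ["prips", str(start), str(end)]
    raise ValueError("expected a CIDR block or a start and end address")


def is_valid_prips_arg(user_arg: str) -> bool:
    """True if the argument would be accepted by build_prips_argv."""
    try:
        build_prips_argv(user_arg)
    except ValueError:
        return False
    return True


def run_prips(user_arg: str) -> str:
    """Run prips on a validated argument; the argv list never touches a shell."""
    argv = build_prips_argv(user_arg)
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample inputs: two well-formed arguments and one that
    # carries a command separator.  Only argv construction is shown here,
    # so the demo runs without prips installed.
    for sample in ("10.0.0.0/30", "10.0.0.1 10.0.0.5", "10.0.0.0/30; id"):
        if is_valid_prips_arg(sample):
            print("accepted:", build_prips_argv(sample))
        else:
            print("rejected:", repr(sample))
```

The hardening has two independent parts, and both matter: validation with a real address parser (rather than a regex or a blacklist of characters) makes sure the argument can only be an address or network, and the list form of subprocess.run makes sure that even a validation slip would not be interpreted by a shell.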

Key dates

Disclosure timeline

January 8, 2024 CVE published
September 4, 2024 Record updated