What the vulnerability does
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through <= 0.3.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Code Engine versions 0.3.3 and earlier contain a code injection vulnerability that allows authenticated users to execute arbitrary code on the site. An attacker with low-level access can inject and run malicious code with full system privileges. The vulnerability affects confidentiality, integrity, and availability of the entire installation.
What an attacker can do
Run arbitrary code on the site with full system privileges.
Potential impact on your site
Complete compromise of the site and server; attacker can read, modify, or delete all data.
Conditions required to exploit
Attacker must have a low-level user account; no user interaction required.