Vulnerable Versions
reconftw prior to v2.7.1
Patched Versions
reconftw v2.7.1.1 and higher
Description
A critical vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to Remote Code Execution (RCE). An attacker can exploit this vulnerability by crafting a malicious CSP entry on its own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system.
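The kind of validation the description refers to can be illustrated as follows. This is an added example, not reconftw's code or its patch: hosts named in a CSP header value are kept only if they are syntactically valid hostnames within the target's scope. The function names and the `example.com` sample data are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not reconftw code: filter hosts taken from a CSP header.
LC_ALL=C; export LC_ALL          # ASCII-only ranges in patterns and sort

# Succeeds only for a lowercase RFC 1123 hostname.
is_valid_hostname() (
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!a-z0-9.-]*)   return 1 ;;  # metacharacters, quotes, whitespace
        .*|*.|*..*)      return 1 ;;  # empty label
        -*|*-|*.-*|*-.*) return 1 ;;  # label starting or ending with '-'
    esac
    IFS=.; set -f
    for label in $name; do
        [ "${#label}" -le 63 ] || return 1
    done
    return 0
)

# Succeeds if host $1 is the target $2 or a subdomain of it.
in_scope() {
    case $1 in "$2"|*".$2") return 0 ;; esac
    return 1
}

# Prints the validated, in-scope hosts named in CSP value $1 for target $2.
csp_hosts() (
    set -f                            # never glob-expand untrusted tokens
    for src in $(printf '%s' "$1" | tr 'A-Z;' 'a-z '); do
        host=${src#*://}              # drop scheme
        host=${host%%/*}              # drop path
        host=${host%%:*}              # drop port
        host=${host#\*.}              # drop wildcard prefix
        # Keywords and directive names fall out at one of these two checks.
        if is_valid_hostname "$host" && in_scope "$host" "$2"; then
            printf '%s\n' "$host"
        fi
    done | sort -u
)

# Constructed sample header value; the last two sources are not hostnames.
sample_csp() {
    cat <<'EOF'
default-src 'self'; script-src https://cdn.example.com *.API.example.com:443
 https://static.other.net/lib.js $(PLACEHOLDER).example.com -x.example.com
EOF
}

csp_hosts "$(sample_csp)" example.com
```

Values that pass this filter should still be passed to other tools as quoted arguments, never interpolated into a string that a shell evaluates.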
Acknowledgements
I would like to thank Jaggar Henry and Felix Segoviano for responsibly disclosing this vulnerability.