mirror of
https://github.com/0x5t4l1n/CVE.git
synced 2026-05-26 11:25:49 +00:00
Create CVE-2026-48098.md
This commit is contained in:
Stalin
@@ -0,0 +1,34 @@
|
|||||||
|
|
||||||
|
|
||||||
|
# CVE-2026-48098 — Unsafe Use of sudo and shell=True in NexTOR IP Changer
|
||||||
|
|
||||||
|
**Severity:** High
|
||||||
|
**CWE:** CWE-78, CWE-250
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
NexTOR IP Changer executes privileged system commands using `sudo` and `shell=True` directly inside application logic. In environments where passwordless sudo (`NOPASSWD`) is enabled, privileged commands may execute silently without explicit user confirmation.
|
||||||
|
|
||||||
|
## Impact
|
||||||
|
|
||||||
|
* Privileged command execution
|
||||||
|
* Potential command injection risks
|
||||||
|
* Unauthorized system-level modifications
|
||||||
|
* Elevated impact in misconfigured sudo environments
|
||||||
|
|
||||||
|
## Affected
|
||||||
|
|
||||||
|
1.0.0-1
|
||||||
|
|
||||||
|
## Fixed
|
||||||
|
|
||||||
|
v2.0.0
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
* https://github.com/advisories/GHSA-fpxg-q9p5-5wvm
|
||||||
|
* https://github.com/0x5t4l1n/NexTOR_IP_CHANGER/releases/tag/v2.0.0
|
||||||
|
|
||||||
|
## Credits
|
||||||
|
|
||||||
|
Remediation Developer: 0x5t4l1n
|
||||||
Reference in New Issue
Block a user