CVE/patches/CVE-2026-48097.md
2026-05-21 12:20:23 +05:30

CVE-2026-48097 — PATH Injection Leading to Arbitrary Command Execution in NexTOR IP Changer

Severity: High

CWE: CWE-78, CWE-476

Summary

A command execution vulnerability exists in NexTOR IP Changer due to unsafe use of shell=True with commands that rely on executable resolution through the PATH environment variable. An attacker controlling the execution environment can place malicious executables such as sudo earlier in the PATH, resulting in execution of attacker-controlled code.
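
One way to avoid the PATH lookup described above, as an added example: this is not NexTOR IP Changer's code and not the v2.0.0 fix. The names TRUSTED_DIRS, is_trusted_file, resolve_trusted and run_trusted are hypothetical, and the directory list assumes a typical Linux layout.

```python
import os
import stat
import subprocess

# Pattern the advisory describes (command text is a constructed placeholder):
#   subprocess.run("sudo <command>", shell=True)   # "sudo" is looked up via $PATH

# Assumption: system directories treated as trusted on a typical Linux install.
TRUSTED_DIRS = ("/usr/sbin", "/usr/bin", "/sbin", "/bin")


def is_trusted_file(path, trusted_uid=0):
    """Regular executable file, owned by trusted_uid, not group/world-writable."""
    try:
        st = os.stat(path)  # follows symlinks, so the target is what gets checked
    except OSError:
        return False
    if not stat.S_ISREG(st.st_mode) or st.st_uid != trusted_uid:
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return bool(st.st_mode & stat.S_IXUSR)


def resolve_trusted(name, dirs=TRUSTED_DIRS, trusted_uid=0):
    """Map a bare command name to an absolute path without consulting $PATH."""
    if not name or os.sep in name or name in (".", ".."):
        raise ValueError("expected a bare command name")
    for d in dirs:
        candidate = os.path.join(d, name)
        if is_trusted_file(candidate, trusted_uid):
            return candidate
    raise FileNotFoundError(f"{name!r} not found in trusted directories")


def run_trusted(argv, dirs=TRUSTED_DIRS, trusted_uid=0, **kwargs):
    """Run argv with no shell, an absolute executable and a fixed child PATH."""
    exe = resolve_trusted(argv[0], dirs, trusted_uid)
    env = {"PATH": os.pathsep.join(dirs), "LANG": "C"}  # inherited PATH is dropped
    return subprocess.run([exe, *argv[1:]], shell=False, env=env, check=True, **kwargs)
```

Because the child also receives a fixed PATH, any helper the launched program starts by bare name is resolved from the same directories rather than from the caller's environment.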

Impact

  • Arbitrary command execution
  • Execution of attacker-controlled binaries
  • Potential privilege escalation
  • Full compromise of local system integrity and availability

Affected

1.0.0-1

Fixed

v2.0.0

References

Credits

Remediation Developer: 0x5t4l1n