{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T20:35:59.829","vulnerabilities":[{"cve":{"id":"CVE-2024-4748","sourceIdentifier":"cvd@cert.pl","published":"2024-06-24T14:15:13.030","lastModified":"2024-11-21T09:43:30.787","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. \nThe exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server."},{"lang":"es","value":"El proyecto CRUDDIY es vulnerable a la inyección de comandos de shell mediante el envío de una solicitud POST manipulada al servidor de aplicaciones. El riesgo de explotación es limitado ya que CRUDDIY debe lanzarse localmente. Sin embargo, un usuario con el proyecto ejecutándose en su computadora podría visitar un sitio web que enviaría una solicitud maliciosa al servidor iniciado localmente."}],"metrics":{"cvssMetricV31":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:j11g:cruddiy:*:*:*:*:*:*:*:*","versionEndIncluding":"202312.1","matchCriteriaId":"A5908333-F478-4071-A90D-BEC428110174"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2024/06/CVE-2024-4748","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/06/CVE-2024-4748","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://github.com/jan-vandenberg/cruddiy/issues/67","source":"cvd@cert.pl","tags":["Issue Tracking"]},{"url":"https://cert.pl/en/posts/2024/06/CVE-2024-4748","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/06/CVE-2024-4748","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/jan-vandenberg/cruddiy/issues/67","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}}]}