VulnerAlert



CLOUD
04-06-2025 23:54

CVE-2025-49008 Documented vulnerability

9.4 CRITICAL
Tags
#injection
#exploit
#data
#using
#server
#php
#git
#admin
#cloud
#develop
#browser
#improper
#arbitrary
#vulnerable
#inject
#execution
#execute
#compromise
#allow
#risk
Description
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable versions are at risk of data breaches or server compromise. Version 6.0.4 introduces a `Common::safe_execute` function that sanitizes all arguments using `escapeshellarg()` prior to execution and migrated components potentially vulnerable to similar exploits to this new templated system.
https://github.com/Atheos/Atheos/commit/7e6c0eb45fa6d04d786a0037389540f2638fe792
https://github.com/Atheos/Atheos/security/advisories/GHSA-rwc2-4q8c-xj48

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-49008
Similar results
Matching at least 50% of the tags
06-06-2025 CVE-2025-48784
A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System throug...
06-06-2025 CVE-2025-48783
An external control of file name or path vulnerability in the delete file function of Soar Clou...