Skip to main content

Mocodo Online

2 CVEs product

Monthly

CVE-2024-35374 PyPI CRITICAL POC PATCH Act Now

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Mocodo Online
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-35373 CRITICAL POC Act Now

Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Mocodo Online
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Mocodo Online
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy