Vulnerability CVE-2024-28135


Published: 2024-05-14

Description:





















A low privileged remote attacker can use a command injection vulnerability in the API which performs
remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected.



















Type:

CWE-20

(Improper Input Validation)

 References:
https://cert.vde.com/en/advisories/VDE-2024-019

Copyright 2026, cxsecurity.com

 

Back to Top