CVE-2024-35374

Published: May 24, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/generate.php#L104-L158

https://chocapikk.com/posts/2024/mocodo-vulnerabilities/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-35374

Description

Affected Products

References