Description
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
INFO
Published Date :
2024-04-25T23:49:28.540Z
Last Modified :
2025-02-13T17:52:14.004Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2024-32651 vulnerability.
| Vendors | Products |
|---|---|
| Dgtlmoon |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-32651.