Description

MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.

INFO

Published Date :

2024-08-20T14:55:12.928Z

Last Modified :

2024-08-20T20:29:22.818Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43404 vulnerability.

Vendors Products
Megacord
  • Megabot
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43404.

URL Resource
https://github.com/NicPWNs/MEGABOT/commit/71e79e5581ea36313700385b112d863053fb7ed6 cve-icon cve-icon
https://github.com/NicPWNs/MEGABOT/issues/137 cve-icon cve-icon
https://github.com/NicPWNs/MEGABOT/pull/138 cve-icon cve-icon
https://github.com/NicPWNs/MEGABOT/releases/tag/v1.5.0 cve-icon cve-icon
https://github.com/NicPWNs/MEGABOT/security/advisories/GHSA-vhxp-4hwq-w3p2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact