CVE-2024-31380

Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve
https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1
https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve
https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1

Configurations

No configuration.

History

21 Nov 2024, 09:13

Type	Values Removed	Values Added
References	~~() https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve -
References	~~() https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1 -~~	() https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1 -

26 Aug 2024, 08:15

Type	Values Removed	Values Added
Summary	~~(en) Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3.~~	(en) Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.

05 Jun 2024, 11:15

Type	Values Removed	Values Added
References		() https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1 -
Summary	~~(en) Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.2.~~	(en) Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3.

25 Apr 2024, 09:15

Type	Values Removed	Values Added
References	~~{'url': 'https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve', 'source': 'audit@patchstack.com'}~~ ~~{'url': 'https://snicco.io/vulnerability-disclosure/oxygen/client-control-remote-code-execution-oxygen-4-8-1?_s_id=cve', 'source': 'audit@patchstack.com'}~~

05 Apr 2024, 14:15

Type	Values Removed	Values Added
References		() https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve -

03 Apr 2024, 18:15

Type	Values Removed	Values Added
Summary	~~Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.1.~~	Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.2.

03 Apr 2024, 12:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-03 12:15

Updated : 2024-11-21 09:13

NVD link : CVE-2024-31380

Mitre link : CVE-2024-31380

CVE.ORG link : CVE-2024-31380

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

9.9 /10