Unrated severityNVD Advisory· Published Mar 29, 2024· Updated Aug 2, 2024
Command Injection as root in NextCloudPi web panel
CVE-2024-30247
Description
NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/nextcloud/nextcloudpi/security/advisories/GHSA-m597-72v7-j982mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.