CVE-2024-45256 – BYOB Unauthenticated Remote Code Execution

https://notcve.org/view.php?id=CVE-2024-45256

26 Aug 2024 — An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py. • https://packetstorm.news/files/id/182256 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •