← voltar
CVE-2026-2544

yued-fe LuLu UI run.js child_process.exec os command injection

CVSS 6.9 MEDIUMEPSS 2.0%CWE-77CWE-78
A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Produtos afetados
yued-fe · LuLu UI

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/lakshayyverma/CVE-Discovery/blob/main/lulu.mdhttps://vuldb.com/?ctiid.346153https://vuldb.com/?id.346153https://vuldb.com/?submit.749722