CVE-2024-12652
Severity: HIGH
WAF: Medium
CVSS 8.8
Published: 2024-12-26
CWE-94
An Improper Control of Generation of Code ('Code Injection') vulnerability in the Groovy script function of SmartRobot's Conversational AI Platform before v7.2.0 allows remote authenticated users to execute arbitrary system commands via Groovy code.
WAF Coverage Analysis
Code Injection
Medium WAF Coverage
OWASP: A03:2021 Injection
- 932xxx - Remote Code Execution
- 933xxx - PHP Injection
- 934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| intumit | smartrobot | up to 7.2.0 |
References
- zuso.ai (Vendor Advisory)