Exploits / Vulnerability Discovered : 2024-02-02 |
Type : remote |
Platform : windows
This exploit / vulnerability Webcatalog 48.4 arbitrary protocol execution is for educational purposes only and if it is used you will do on your own risk!
Vulnerability summary:
WebCatalog before version 48.8 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.