Vulnerabilities > Budabot

DATE CVE VULNERABILITY TITLE RISK
2018-11-30 CVE-2018-19290 OS Command Injection vulnerability in Budabot
In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the "!calc 5 x 5" command.
network
low complexity
budabot CWE-78
7.5