Ackites KillWxapkg vulnerable to OS Command Injection
Low severity
GitHub Reviewed
Published
May 21, 2025
to the GitHub Advisory Database
•
Updated Jun 20, 2025
Description
Published by the National Vulnerability Database
May 21, 2025
Published to the GitHub Advisory Database
May 21, 2025
Reviewed
Jun 20, 2025
Last updated
Jun 20, 2025
A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
References