Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability by IndigoSTAR Software

CVE-2024-58278 (GCVE-0-2024-58278)

Vulnerability from cvelistv5 – Published: 2025-12-04 20:42 – Updated: 2025-12-04 20:42

Summary

perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

VulnCheck

References

URL

Tags

	https://www.exploit-db.com/exploits/51825	exploit
	https://www.indigostar.com/	product
	https://www.indigostar.com/download/p2x-30.10-Lin…	productpermissions-required
	https://www.vulncheck.com/advisories/indigostar-s…	third-party-advisory

Impacted products

	Vendor	Product	Version
	IndigoSTAR Software	perl2exe	Affected: 0 , ≤ V30.10C (semver)

Credits

decrazyo

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "perl2exe",
          "vendor": "IndigoSTAR Software",
          "versions": [
            {
              "lessThanOrEqual": "V30.10C",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "decrazyo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "perl2exe \u0026lt;= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access."
            }
          ],
          "value": "perl2exe \u003c= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-04T20:42:56.275Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-51825",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/51825"
        },
        {
          "name": "IndigoSTAR Software Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.indigostar.com/"
        },
        {
          "name": "IndigoSTAR Software Download Page",
          "tags": [
            "product",
            "permissions-required"
          ],
          "url": "https://www.indigostar.com/download/p2x-30.10-Linux-x64-5.30.1.tar.gz"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/indigostar-software-perl2exe-v3010c-arbitrary-code-execution"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IndigoSTAR Software - perl2exe \u003c= V30.10C - Arbitrary Code Execution",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-58278",
    "datePublished": "2025-12-04T20:42:56.275Z",
    "dateReserved": "2025-12-04T16:32:25.980Z",
    "dateUpdated": "2025-12-04T20:42:56.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}