Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| mocodo(PyPI) | 0 | 4.2.7 | N/A |
CVSS Metrics
