CVE-2022-45639

HIGH

the_sleuth_kit 4.11.1 - OS Command Injection via -m Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-45639. PoC published by Dino Barlattani.

AI-analyzed exploit summary: The exploit demonstrates a command injection in sleuthkit's fls tool (version 4.11.1) via the -m parameter, the mount-point prefix fls prepends to paths in its mactime body-file output. The analysis attributes the issue to improper handling of user input in the tsk_fs_fls() function, with arbitrary command execution when backticks are placed in the -m argument.

Description

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line. The practical caveat behind the dispute: in a POSIX shell, backticks in an unquoted or double-quoted argument are command substitution performed by the invoking shell before fls is ever executed, so a payload typed as fls -m "`cmd`" runs cmd with the privileges of the user at that shell, not through any code path in fls.
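The following check is an added example, not code from this page or from the exploit-db PoC. It reproduces the shape of the PoC invocation with a stand-in for fls that only prints the arguments it receives, so no Sleuth Kit install is required; argv_dump, shell_expanded, literal_arg and the file name image.dd are all assumptions made here for illustration. It separates the two ways the backtick payload can reach the program, which is exactly the distinction the dispute turns on.

```shell
#!/bin/sh
# Added check, not code from the page or the exploit-db PoC. It shows where backtick
# expansion happens for a payload like the one passed to fls -m. The Sleuth Kit is not
# needed: argv_dump stands in for fls and only prints the arguments it receives, and
# image.dd is a placeholder name, not a real image.

# Stand-in for fls: print each argv element on its own line, exactly as received.
argv_dump() {
  for arg in "$@"; do
    printf '%s\n' "$arg"
  done
}

# Case 1: the payload is typed at an interactive shell, as in the PoC
# (fls -m "`id`" image.dd). The shell performs command substitution before
# the program starts, so the program only ever sees the substituted text.
shell_expanded() {
  argv_dump -m "`printf INJECTED`" image.dd
}

# Case 2: the same bytes reach the program without a shell interpreting them
# (single-quoted here; in practice from a script variable, a file name, or a
# direct exec() call). The program receives the raw backticks; whether anything
# else happens is then up to the program itself, which is the open question
# the dispute raises.
literal_arg() {
  argv_dump -m '`printf INJECTED`' image.dd
}

# The second argv element is the value of -m in each case.
shell_expanded | sed -n 2p
literal_arg | sed -n 2p
```

Run from any POSIX shell, the first call prints INJECTED and the second prints the literal string `printf INJECTED`. The PoC's payload is therefore executed by the invoking user's shell at the user's own privilege level, which is the point the CVE's disputers make; a genuine injection in fls itself would have to be demonstrated with the second form, where no shell is involved between the attacker-controlled bytes and the program.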

Exploits (1)

exploitdb WORKING POC
by Dino Barlattani · text · local · multiple
https://www.exploit-db.com/exploits/51225


Classification
Working PoC 90%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: sleuthkit fls tool 4.11.1
No auth needed
Prerequisites: Access to a system with sleuthkit 4.11.1 installed · Ability to execute the fls command with the -m parameter
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.0466
EPSS Percentile 90.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation PoC
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
sleuthkit/the_sleuth_kit 4.11.1
Published Jan 24, 2023
Tracked Since Feb 18, 2026