CVE-2023-46404

CRITICAL

PCRS <3.11 - RCE

Title source: llm

Description

PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.

Exploits (1)

nomisec WORKING POC 3 stars
by windecks · poc
https://github.com/windecks/CVE-2023-46404

References (2)

Scores

CVSS v3 9.9
EPSS 0.3437
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
utoronto/pcrs < 3.11
Published Nov 03, 2023
Tracked Since Feb 18, 2026