CVE-2024-12970

LOW

TUBITAK BILGEM Pardus OS My Computer <0.7.2 - Code Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-12970. PoCs published by osmancanvural.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2024-12970, an OS command injection vulnerability in Pardus My Computer software. It identifies the vulnerable function `get_file_info` and explains how improper input validation allows command injection via the `file` parameter.

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: before 0.7.2.

Exploits (1)

nomisec WRITEUP
by osmancanvural · poc
https://github.com/osmancanvural/CVE-2024-12970


Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Pardus My Computer < 0.7.2
No auth needed
Prerequisites: Access to mount a disk with a malicious name in the target system
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Third Party Advisory, US Government Resource (tags: government-resource, broken-link)
https://www.usom.gov.tr/bildirim/tr-24-1900

Scores

CVSS v3 3.9
EPSS 0.0130
EPSS Percentile 66.7%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-78
Status published
Products (1)
TUBITAK BILGEM/Pardus OS My Computer < 0.7.2
Published Jan 06, 2025
Tracked Since Feb 18, 2026