CVE-2024-21663
CRITICAL
Demon1a Discord-recon < 0.0.8 - Command Injection
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a Discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands on the server without having an admin role. This vulnerability has been fixed in version 0.0.8.
References (3)
Core References
Exploit, Patch, Vendor Advisory x_refsource_confirm
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/DEMON1A/Discord-Recon/issues/23
Scores
CVSS v3: 9.9
EPSS: 0.0134
EPSS Percentile: 80.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-20, CWE-77
Status: published
Products (2)
demon1a/discord-recon 0.0.8 beta
demon1a/discord-recon < 0.0.8
Published: Jan 09, 2024
Tracked Since: Feb 18, 2026