CVE-2024-53407

LOW

Phiewer - Untrusted Search Path

Title source: rule

Description

In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data.

Exploits (1)

nomisec WORKING POC

by SyFi · poc

https://github.com/SyFi/CVE-2024-53407

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/SyFi/CVE-2024-53407

Scores

CVSS v3 3.3

EPSS 0.0492

EPSS Percentile 89.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-426

Status published

Products (1)

phiewer/phiewer 4.1.0

Published Jan 15, 2025

Tracked Since Feb 18, 2026