CVE-2024-58286

CRITICAL

dizqueTV 1.5.3 - RCE

Title source: llm

Description

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.

Exploits (1)

exploitdb WORKING POC

by Ahmed Said Saud Al-Busaidi · textwebappsjsp

https://www.exploit-db.com/exploits/52079

View Code ZIP pw:eip

References (3)

[Various Sources] https://github.com/vexorian/dizquetv

[Third Party Advisory] https://www.vulncheck.com/advisories/dizquetv-remote-code-execution-via-ffmpeg-executable-path

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/52079

Scores

CVSS v4 9.3

EPSS 0.0086

EPSS Percentile 75.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-78

Status published

Products (1)

vexorian/dizqueTV 1.5.3

Published Dec 11, 2025

Tracked Since Feb 18, 2026