Yup, noticed too. I submitted a pull request for this purpose; now we just need the team to have a look at it whenever they have time.
Meanwhile, interested people can have a look at #245 or my GitHub for a solution.
Hi FreeLan team,
After installing FreeLan 2.2.0 from:
I noticed that its service is hijackable due to the unquoted service path. Using this vulnerability, attackers can execute different files as FreeLAN Service. It allows local users to replace the service with arbitrary code to escalate their privileges. I hope you check this link for more details: https://cwe.mitre.org/data/definitions/428.html
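A defender-side check for the condition reported above, as an added example that is not part of the original thread or FreeLAN's code: it flags service `ImagePath` values that are unquoted and contain spaces, lists the ambiguous locations whose write permissions should be reviewed, and produces the quoted form. The service names and paths are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample ImagePath values (not taken from a real FreeLAN install).
SAMPLE_SERVICES = {
    "ExampleVpnService": r"C:\Program Files\Example VPN\bin\vpn.exe --service",
    "QuotedService": r'"C:\Program Files\Example VPN\bin\vpn.exe" --service',
    "NoSpaceService": r"C:\Tools\agent.exe -k run",
    "DriverService": r"\SystemRoot\System32\drivers\example.sys",
}

# Shortest prefix ending in an executable extension, followed by space or end.
_EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

def executable_part(image_path):
    """Return the executable portion of an unquoted ImagePath, or None."""
    match = _EXE_RE.match(image_path.strip())
    return match.group(1) if match else None

def ambiguous_candidates(image_path):
    """Paths Windows may try before the intended binary (CWE-428).

    Empty list when the value is quoted or the executable path has no spaces.
    """
    value = image_path.strip()
    if value.startswith('"'):
        return []
    exe = executable_part(value)
    if exe is None or " " not in exe:
        return []
    # Each space is a point where the path can be cut and ".exe" appended.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted_form(image_path):
    """Return the ImagePath with the executable wrapped in double quotes."""
    value = image_path.strip()
    exe = None if value.startswith('"') else executable_part(value)
    if exe is None:
        return value
    return '"' + exe + '"' + value[len(exe):]

def audit(services):
    """Map service name -> ambiguous locations, for affected services only."""
    findings = {name: ambiguous_candidates(p) for name, p in services.items()}
    return {name: paths for name, paths in findings.items() if paths}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(name, "is unquoted; review write access for:", paths)
        print("  quoted form:", quoted_form(SAMPLE_SERVICES[name]))
```

On a Windows host, the input would be the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`.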