Skip to content

Instantly share code, notes, and snippets.

View CwithW's full-sized avatar

Chara White CwithW

20 followers · 0 following
View GitHub Profile
@CwithW
CwithW / main.md
Last active April 20, 2025 13:15
Subconverter v0.7.2 unauthorized RCE

Subconverter v0.7.2 unauthorized RCE

Software Link(Subconverter): https://github.com/tindy2013/subconverter

Affected versions: Subconverter v0.7.2, < v0.7.2-ce8d2bd

Description

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows unauthorized attackers to execute arbitrary code via crafted config and url parameters.