There is also a Cross-Site Request Forgery issue where a malicious user can exploit the web interface of FlightRadar24 to make arbitrary requests to other websites.

CVE-2018-11505 - Remote Code Execution in the Web Interface CVE-2018-11506 - Remote Code Execution in the Web Interface CVE-2018-11507 - Remote Code Execution in the Web Interface CVE-2018-11508 - Remote Code Execution in the Web Interface CVE-2018-11509 - Remote Code Execution in the Web Interface CVE-2018-11510 - Remote Code Execution in the Web Interface CVE-2018-11511 - Remote Code Execution in the Web Interface CVE-2018-11512 - Remote Code Execution in the Web Interface CVE-2018-11513 - Remote Code Execution in the Web Interface CVE-2018-11514 - Remote Code Execution in the Web Interface CVE-2018-11515 - Remote Code Execution in the Web Interface CVE-2018-11516 - Remote Code Execution in the Web Interface CVE-2018-11517 - Remote Code Execution in the Web Interface CVE-2018-11518 - Remote Code Execution in the Web Interface CVE-2018-11519 - Remote Code Execution in the Web Interface CVE-2018-11520 - Remote Code Execution in the Web Interface CVE-2018-11521 - Remote Code Execution in the Web Interface CVE-2018-11522 - Remote Code Execution in the Web Interface CVE-2018-11523 - Remote Code Execution in the Web

Remote Code Execution in the Web Interface

There is also a Remote Code Execution in the Web Interface that was discovered on December 5, 2018.
CVE-2018-11519 - Remote Code Execution in the Web Interface
There is also a Remote Code Execution in the Web Interface that was discovered on December 9, 2018.

Timeline

Published on: 06/02/2022 14:15:00 UTC
Last modified on: 06/10/2022 16:27:00 UTC

References