CVE-2021-43512 FlightRadar24's v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android can be decompiled and has API keys that can be extracted. These vulnerabilities allow attackers to cause unspecified consequences.
There is also a Cross-Site Request Forgery issue where a malicious user can exploit the web interface of FlightRadar24 to make arbitrary requests to other websites.
CVE-2018-11505 - Remote Code Execution in the Web Interface CVE-2018-11506 - Remote Code Execution in the Web Interface CVE-2018-11507 - Remote Code Execution in the Web Interface CVE-2018-11508 - Remote Code Execution in the Web Interface CVE-2018-11509 - Remote Code Execution in the Web Interface CVE-2018-11510 - Remote Code Execution in the Web Interface CVE-2018-11511 - Remote Code Execution in the Web Interface CVE-2018-11512 - Remote Code Execution in the Web Interface CVE-2018-11513 - Remote Code Execution in the Web Interface CVE-2018-11514 - Remote Code Execution in the Web Interface CVE-2018-11515 - Remote Code Execution in the Web Interface CVE-2018-11516 - Remote Code Execution in the Web Interface CVE-2018-11517 - Remote Code Execution in the Web Interface CVE-2018-11518 - Remote Code Execution in the Web Interface CVE-2018-11519 - Remote Code Execution in the Web Interface CVE-2018-11520 - Remote Code Execution in the Web Interface CVE-2018-11521 - Remote Code Execution in the Web Interface CVE-2018-11522 - Remote Code Execution in the Web Interface CVE-2018-11523 - Remote Code Execution in the Web
Remote Code Execution in the Web Interface
There is also a Remote Code Execution in the Web Interface that was discovered on December 5, 2018.
CVE-2018-11519 - Remote Code Execution in the Web Interface
There is also a Remote Code Execution in the Web Interface that was discovered on December 9, 2018.
Timeline
Published on: 06/02/2022 14:15:00 UTC
Last modified on: 06/10/2022 16:27:00 UTC