CVE-2024-29640

An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt