WG call injection in /economy/contextcommand
Critical
Valve
Submitted None
Team Summary
Official summary from Valve
Context-specific commands to a web-facing gateway had insufficient parameter validation. Some economy queries could be run outside the actual requesters' capability by confusing the type system. Some bypasses for initial fixes were also provided.
Reported by: lolcanyouexplainagainpleaselol
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Command Injection - Generic