exploitDog

GHSA-pqmf-jx6f-mxff

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

Ссылки

EPSS

Процентиль: 98%

0.50208

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2018-14701

CVSS3: 9.8

nvd

около 7 лет назад

System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

EPSS

Процентиль: 98%

0.50208

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78