Описание
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.
EPSS
Процентиль: 98%
0.56462
Средний
Дефекты
CWE-78
Связанные уязвимости
debian
6 месяцев назад
A command injection vulnerability exists in GestioIP 3.0 commit ac67be ...
github
6 месяцев назад
A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.
EPSS
Процентиль: 98%
0.56462
Средний
Дефекты
CWE-78