Описание
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.4.414.122 (исключая)
cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01832
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.
EPSS
Процентиль: 83%
0.01832
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-94