Описание
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
Ссылки
- Product
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0:*:*:*:*:*:*:*
cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2:*:*:*:*:*:*:*
cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8:*:*:*:*:*:*:*
cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01003
Низкий
8.8 High
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
github
3 месяца назад
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
EPSS
Процентиль: 77%
0.01003
Низкий
8.8 High
CVSS3
Дефекты
CWE-78