Описание
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.7.3 (исключая)
cpe:2.3:a:it-novum:openitcockpit:*:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00593
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
EPSS
Процентиль: 69%
0.00593
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78