exploitDog

CVE-2021-29393

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.

Ссылки

https://ardent-security.com
Third Party Advisory
https://ardent-security.com/en/advisory/asa-2021-01/
Third Party Advisory
https://ardent-security.com
Third Party Advisory
https://ardent-security.com/en/advisory/asa-2021-01/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:globalnorthstar:northstar_club_management:6.3:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14164

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-289g-75hj-mg9m

github

почти 4 года назад

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.

EPSS

Процентиль: 94%

0.14164

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Уязвимость CVE-2021-29393