Описание
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.19 (включая)
cpe:2.3:a:pascom:cloud_phone_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13813
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.
EPSS
Процентиль: 94%
0.13813
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78