E20-9slb1
CVSS: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive: f
Variants: 2
Year: 2020
Description
This strike exploits an OS command injection vulnerability in the rConfig server.
The vulnerability is in the 'nodeId' parameter in the 'search.crud.php' module, due to failure to properly sanitize the user-supplied input.
A remote, authenticated attacker can craft a malicious HTTP request that results in arbitrary command execution on the target system with the privileges of the user running the web server.