Supervene RazDC User Reset Password CGI Form OS Command Injection

Strike ID: E18-5lvh1
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive: f
Variants: 4
Year: 2018

Description

This strike exploits a command injection vulnerability in Supervene RazDC. The vulnerability is due to improper validation of input passed to the 'User Reset Password' CGI script. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server.

CVE

References