E19-0ul11
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
False Positive: f
Variants: 3
Year: 2019
Description
This strike exploits a command injection vulnerability in the Exhibitor Web UI.
The vulnerability is due to improper parsing of parameters passed to the config editor web form.
An attacker can exploit this by sending a specially crafted HTTP request.
Successful exploitation leads to arbitrary commands being run in the context of the user running the Exhibitor server.