Strike ID:
E19-0ul11
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
3
Year:
2019

Description

This strike exploits a command injection vulnerability in the Exhibitor Web UI. The vulnerability is due to improper parsing of parameters passed to the config editor web form. A malicious attacker can exploit this by performing a specially-crafted HTTP request. Successful exploitation leads to arbitrary commands being run in the context of the user running the Exhibitor server.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}