10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)False Positive:
This strike exploits a command injection vulnerability in the Exhibitor Web UI. The vulnerability is due to improper parsing of parameters passed to the config editor web form. A malicious attacker can exploit this by performing a specially-crafted HTTP request. Successful exploitation leads to arbitrary commands being run in the context of the user running the Exhibitor server.