E20-9slb1
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive: t
Variants: 2
Year: 2020
Description
This strike exploits an OS command injection vulnerability in the rConfig server. The vulnerability is in the 'nodeId' parameter of the 'search.crud.php' module, which fails to properly sanitize user-supplied input. A remote, authenticated attacker can send a crafted HTTP request that results in arbitrary command execution on the target system with the privileges of the user running the web server.