CVE-2021-46704
N/A
N/A
Summary
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/genieacs/genieacs/releases/tag/v1.2.8
- https://github.com/genieacs/genieacs/commit/7f295beeecc1c1f14308a93c82413bb334045af6
References
- https://github.com/genieacs/genieacs/releases/tag/v1.2.8
- https://github.com/genieacs/genieacs/commit/7f295beeecc1c1f14308a93c82413bb334045af6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.