The admin terminal in Hawt.io does not require authentication, which allows remote malicious users to execute arbitrary commands via the k parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hawt hawtio |
||
redhat jboss fuse 6.1.0 |