The application login page in AKIPS Network Monitor 15.37 up to and including 16.5 allows a remote unauthenticated malicious user to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
akips network monitor |