A command injection vulnerability was found in the web administration console in SoftNAS Cloud prior to 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated malicious user to execute arbitrary commands with root permissions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
softnas cloud |