In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote malicious users to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mobatek mobaxterm 11.1 |