Weak default credentials in combination with missing input validation allow a remote attacker to execute arbitrary code on a server using the Zmanda Management Console 3.3.9.
Zmanda Management Console 339 - RCE (CVE-2019-19469) Weak default credentials in combination with missing input validation allow a remote attacker to execute arbitrary code on a server using the Zmanda Management Console 339 Description It's possible to execute whitelisted commands using the following link without any CSRF protection: 10123456/ZMC_Admin_Ad