An issue exists in Selesta Visual Access Manager (VAM) 4.15.0 up to and including 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
seling visual access manager |