An issue exists in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
scytl secure vote 2.1 |