openITCOCKPIT prior to 3.7.3 has a web-based terminal that allows malicious users to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
it-novum openitcockpit |