In VembuBDR prior to 4.2.0.1 and VembuOffsiteDR prior to 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vembu bdr suite |
||
vembu offsite dr |