In VembuBDR prior to 4.2.0.1 and VembuOffsiteDR prior to 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vembu bdr_suite |
||
vembu offsite_dr |