An issue exists in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smartfoxserver smartfoxserver 2.17.0 |