Advantech iView software versions prior to 57046469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint The database backup functionality passes a user-controlled parameter, backup_file to the mysqldump command The sanitization functionality only tests for SQL injection attempts and directory tr ...