OrangeScrum version 2.0.11 allows an authenticated external malicious user to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function.
Vulnerable Product |
---|
orangescrum orangescrum 2.0.11 |