Vulnerability
Netsweeper offers real-time content tracking and notification for early intervention. Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
Mitigation / Precaution
If you are affected by this CVE, you can automatically upgrade the application to the latest edition, or at the very least to 1.5.2.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
