Vulnerability
Netsweeper offers real-time content tracking and notification for early intervention. Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
Mitigation / Precaution
If you are affected by this CVE, you can automatically upgrade the application to the latest edition, or at the very least to 1.5.2.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
