Yachtcontrol is a ship navigation system of Yachtcontrol in the Netherlands. In Yachtcontrol through 2019-10-06: It’s possible to perform direct Operating System commands as an unauthenticated user via the /pages/systemcall.php?command={COMMAND}
page and parameter, where {COMMAND} will be executed and returning the results to the client.
Yachtcontrol webservers using the custom PHP web application, versions until 2019-10-06.
Attackers can use this vulnerability to execute operating system commands.
Our suggestion is to upgrade the Yachtcontrol Web application to the latest version as soon as possible to patch this issue.