Vulnerability
Yachtcontrol is a ship navigation system of Yachtcontrol in the Netherlands. In Yachtcontrol through 2019-10-06: It’s possible to perform direct Operating System commands as an unauthenticated user via the /pages/systemcall.php?command={COMMAND} page and parameter, where {COMMAND} will be executed and returning the results to the client.
Affected Components
Yachtcontrol webservers using the custom PHP web application, versions until 2019-10-06.
Impact
Attackers can use this vulnerability to execute operating system commands.
Mitigation / Precaution
Our suggestion is to upgrade the Yachtcontrol Web application to the latest version as soon as possible to patch this issue.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
