Vulnerability
Yachtcontrol is a ship navigation system of Yachtcontrol in the Netherlands. In Yachtcontrol through 2019-10-06: It’s possible to perform direct Operating System commands as an unauthenticated user via the /pages/systemcall.php?command={COMMAND} page and parameter, where {COMMAND} will be executed and returning the results to the client.
Affected Components
Yachtcontrol webservers using the custom PHP web application, versions until 2019-10-06.
Impact
Attackers can use this vulnerability to execute operating system commands.
Mitigation / Precaution
Our suggestion is to upgrade the Yachtcontrol Web application to the latest version as soon as possible to patch this issue.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
