Unauthenticated Remote Command Execution in Hawt.io Admin Terminal

CVE-2014-0121

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.

Learn more about our Web Application Penetration Testing UK.