Command Injection Vulnerability in ThinStation 6.1.1 via Shell Metacharacters

Command Injection Vulnerability in ThinStation 6.1.1 via Shell Metacharacters

CVE-2019-12771 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.

Learn more about our Web Application Penetration Testing UK.