Arbitrary Code Execution via Crafted Module Name in ZNC

CVE-2019-12816 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

Learn more about our User Device Pen Test.