Privilege Escalation via Environment Variable Injection in Loopchain

Privilege Escalation via Environment Variable Injection in Loopchain

CVE-2019-12997 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable).

Learn more about our Web Application Penetration Testing UK.