MobaXterm 11.1 URI Handler Argument Injection Vulnerability
CVE-2019-13475 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.
Learn more about our User Device Pen Test.