Command Injection Vulnerability in Prima Systems FlexAir, Versions 2.3.38 and prior

Command Injection Vulnerability in Prima Systems FlexAir, Versions 2.3.38 and prior

CVE-2019-7670 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system.

Learn more about our Web Application Penetration Testing UK.