CVE-2021-26471

Published: 2021-06-08T19:15Z

Last Modified: 2024-11-21T05:56Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt