vendor:
by:
ThE dE@Th (AsB-MaY DiScOvEr ExPlIoTs Gr0uP)
8
CVSS
HIGH
Code Injection
94
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
AsB-MaY DiScOvEr ExPlIoTs Gr0uP
The vulnerability exists in multiple PHP files on the website, which allows an attacker to inject malicious code by manipulating the 'install_root' parameter. This can lead to unauthorized access, data leakage, or remote code execution.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in PHP code. Additionally, keeping the software up-to-date with the latest patches and security updates is crucial.