vendor:
OGP-Website
by:
prey
N/A
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: OGP-Website
Affected Version From: Before 14 Aug patch
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:opengamepanel:ogp-website
Platforms Tested: CentOS Linux 5.4.102
2021
Open Game Panel – Remote Code Execution (RCE) (Authenticated)
Before the patch, it was possible to inject system commands on 'map' parameter when launching a new counter-strike server just by putting the command= between ';', the user needs to be authenticated for this.
Mitigation:
Update to the latest patched version (after 14 Aug patch) of Open Game Panel.