CVE-2019-13475

2019-07-09T22:15:00
ID CVE-2019-13475
Type cve
Reporter cve@mitre.org
Modified 2019-07-16T18:08:00

Description

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.