CVE-2021-40612

2021-12-2212:12:43

mitre

www.cve.org

opmantek open-audit

unauthenticated access

command execution

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

70.0%

JSON

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.

References

community.opmantek.com/pages/viewpage.action?pageId=65504438

github.com/Opmantek/open-audit/commit/c7595cbb092e410a487f03c0eb536cf19e538860