jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.
CPE | Name | Operator | Version |
---|---|---|---|
jiacrontab | eq | 1.4.0 | |
jiacrontab | eq | 1.3.4 | |
jiacrontab | eq | 1.3.3 | |
jiacrontab | eq | 1.4.1 | |
jiacrontab | eq | 1.4.5 | |
jiacrontab | eq | 1.4-beta.1 | |
jiacrontab | eq | 1.2.2 | |
jiacrontab | eq | 1.4.2 | |
jiacrontab | eq | 1.4.4 | |
jiacrontab | eq | 1.2.1 |