openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
CPE | Name | Operator | Version |
---|---|---|---|
openitcockpit | lt | 3.7.3 |