An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
CPE | Name | Operator | Version |
---|---|---|---|
eternus_cs8000_firmware | lt | 8.1 | |
eternus_cs8000_firmware | eq | 8.1 |