CVE-2022-27905

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive C:\ to exploit this...

Controlup Real-Time Agent操作系统命令注入漏洞

Controlup Real-Time Agent is a real-time agent from Controlup USA. The Controlup Real-Time Agent suffers from a command injection vulnerability that originates from an unauthenticated named pipe channel in the Controlup Real-Time Agent, which can be exploited by an attacker to run operating syste...