4 matches found
CVE-2019-7669
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...
FlexAir Access Control 2.3.38 Command Injection
!/bin/bash Command injection with root privileges in FlexAir Access Control Prima Systems Firmware version: $OUTPUTFILE" Command injection payload. Be careful with single quotes! PAYLOAD="" Perform exploit echo "Executing: $CMD" curl --silent --output /dev/null -X POST -d "$PAYLOAD"...
CVE-2019-7669
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...
CVE-2019-7669
CVE-2019-7669 affects Prima Systems FlexAir (versions 2.3.38 and earlier). The vulnerability is due to improper validation of file extensions when uploading files, allowing a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root pri...