CVE-2024-29185
FreeScout before 1.8.128 is vulnerable to OS command injection in /public/tools.php. The php_path parameter is executed as an OS command via shell_exec without validation, enabling an attacker to run arbitrary commands on the server. Demonstrations have shown access to /etc/passwd, indicating com...