SCO Openserver 5.0.7 - 'outputform' Command Injection

Exploit Title: SCO Openserver 5.0.7 - 'outputform' Command Injection Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 04/09/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products/ Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Test...

Xinuos Openserver Parameter Injection Vulnerability

Xinuos Openserver is a FreeBSD-based operating system from the US company Xinuos. A security vulnerability exists in Xinuos formerly SCO Openserver versions v5 and v6 that allows an attacker to execute arbitrary commands to the cgi-bin printbook via the shell metacharacter outputform or toclevels...