CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shellexec''; function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...