Lansweeper 7.2 Default Account / Remote Code Execution

Exploit Title: Lansweeper 7.2 - Incorrect Access Control SHODAN DORK : title:"Lansweeper - Login" Date: 2020-06-14 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.lansweeper.com/ Software Link: https://www.lansweeper.com Version: 6.0.x through 7.2.x Tested on: Windows CVE :...

CVE-2020-14011

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features...

Command injection

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features...

CVE-2020-14011

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features...

CVE-2020-14011

CVE-2020-14011 affects Lansweeper 6.0.x–7.2.x. The default installation leaves the admin password configured for the admin account unless the built-in admin option is unchecked, enabling command execution via Add New Package and Scheduled Deployments. Multiple sources (NVD/Red Hat/CNVD/Exploits d...