KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
9.8CVSS
9.6AI Score
0.968EPSS
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
8.8CVSS
8.9AI Score
0.103EPSS