strapi is vulnerable to OS command injection. An attacker with administrative privileges is able to inject and execute arbitrary OS commands on the system via the install and uninstall plugins module due to a lack of validation in the plugin name.
CPE | Name | Operator | Version |
---|---|---|---|
strapi | le | 3.0.0-beta.18.3 |