0.949 High
EPSS
Percentile
99.3%
genieacs is vulnerable to OS command injection. An attacker is able to inject malicious OS command via the ping host argument of lib/ui/api.ts and lib/ping.ts because it does not escape the argument and does not properly perform authorization check.
github.com/genieacs/genieacs/commit/7f295beeecc1c1f14308a93c82413bb334045af6
github.com/genieacs/genieacs/releases/tag/v1.2.8