Robertchrk

**Name of the Vulnerable Software and Affected Versions** Zmanda Management Console version 3.3.9 **Description** The issue allows for CSRF, as demonstrated by command injection with shell metacharacters, potentially due to weak default credentials. This can be exploited through the "ZMC Admin Advanced?form=adminTasks&action=Apply&command=" API endpoint. **Recommendations** For Zmanda Management Console version 3.3.9, consider disabling the `ZMC Admin Advanced` function or restricting access to the "ZMC Admin Advanced?form=adminTasks&action=Apply&command=" endpoint until a patch is available. Additionally, changing default credentials to stronger ones may help mitigate the risk.