CVE-2017-16666

Name of the Vulnerable Software and Affected Versions: Xplico versions prior to 1.2.1

Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. It can also be exploited without authentication by leveraging the user registration feature.

Recommendations: For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the PCAP file upload feature and disabling the user registration feature until the update is applied. Avoid using shell metacharacters in the name of uploaded PCAP files until the issue is resolved.