PT-2018-9518 · Gig Technology Nv · Jumpscale Portal

Vrico315 · Published 2018-09-06 · Updated 2019-03-07 · CVE-2018-1000666

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GIG Technology NV JumpScale Portal 7 versions before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb

Description

The issue is an OS Command Injection vulnerability in the notifySpaceModification method. Improper validation of parameters can result in command execution. The attack appears to be exploitable via network connectivity and requires minimal authentication privileges, as everyone can register an account.

Recommendations

For GIG Technology NV JumpScale Portal 7 versions before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb, update to a version after commit 15443122ed2b1cbfd7bdefc048bf106f075becdb to resolve the issue. As a temporary workaround, consider restricting access to the notifySpaceModification method until a patch is available.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-1000666

Affected Products

Jumpscale Portal