CVE-2019-10863

Name of the Vulnerable Software and Affected Versions TeemIp versions prior to 2.4.0

Description A command injection issue exists, allowing malicious PHP code to be executed instantaneously through the new config parameter of the "exec.php" endpoint. This enables the creation of a new PHP file, excluding config information, and the sent malicious code is executed immediately without being saved on the server.

Recommendations For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "exec.php" endpoint to minimize the risk of exploitation. Avoid using the new config parameter in the affected endpoint until the issue is resolved.