PT-2026-58048 · Dan In Ca · Sip

Gjoko Krstic

·

Publicado

2026-07-14

·

Atualizado

2026-07-14

·

CVE-2026-58479

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a command injection vulnerability in the optional cli control plugin that allows unauthenticated or cross-site request forgery attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin's HTTP endpoint. Attackers can trigger execution by activating the associated irrigation station, exploiting the absence of passphrase protection or the default passphrase 'opendoor', to achieve arbitrary command execution on the underlying host.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-58479

Produtos afetados

Sip