Israel Leiva

**Name of the Vulnerable Software and Affected Versions** AltaVoz Prontus (aka ProntusCMS) versions prior to 12.0.3.0 **Description** The issue is related to "Improper Neutralization of Special Elements used in an OS Command" in the cgi-cpn/xcoding/prontus videocut.cgi component. This allows attackers to execute OS commands via an HTTP GET parameter. **Recommendations** For versions prior to 12.0.3.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the prontus videocut.cgi component to minimize the risk of exploitation. Avoid using HTTP GET parameters that could be used to execute OS commands until the issue is resolved.