Luke Gus

**Name of the Vulnerable Software and Affected Versions** Termix versions prior to 2.1.0 **Description** Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. All Docker container management endpoints interpolate the `containerId` URL path parameter and WebSocket message field directly into shell commands executed via the `exec()` function of `ssh2.Client` on remote managed servers without sanitization or validation. An authenticated attacker can inject arbitrary OS commands by crafting a malicious container ID, leading to Remote Code Execution on any managed server. **Recommendations** Update to version 2.1.0.