Scott Sheach

**Name of the Vulnerable Software and Affected Versions** MegaSys Telenium Online Web Application (affected versions not specified) **Description** The Telenium Online Web Application contains a critical command injection flaw stemming from an insecurely terminated regular expression check within a PHP endpoint. This endpoint is accessible to unauthenticated network users and improperly handles user-supplied input. An attacker can inject arbitrary operating system commands through a crafted HTTP request, resulting in remote code execution on the server in the context of the web application service account. The vulnerability allows for the execution of commands without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.