PT-2015-6794 · Pcs+2 · Pcs+2
Adam Mariš
+1
·
Published
2015-09-01
·
Updated
2023-02-13
·
CVE-2015-5190
CVSS v2.0
8.5
High
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PCs versions 0.9.139 and earlier
Description
The issue allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. This is related to the pcsd web UI.
Recommendations
For versions 0.9.139 and earlier, consider restricting access to the pcsd web UI until a fix is available. As a temporary workaround, avoid using URLs with "escape characters" in the pcsd web UI to minimize the risk of exploitation.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Pcs
Red Hat