PT-2018-1051 · Innotube · Innotube Itguard-Manager

Published 2018-01-08 · Updated 2020-06-17 · CVE-2017-18025

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Innotube ITGuard-Manager version 0.0.0.1

Description

Remote attackers can execute arbitrary OS commands by supplying shell metacharacters in the username field of the cgi-bin/drknow.cgi script. For example, a username starting with "admin|" makes use of the '|' metacharacter. The vulnerability is due to the lack of proper neutralization of special elements used in OS commands.

Recommendations

For Innotube ITGuard-Manager version 0.0.0.1, as a temporary workaround, consider restricting access to the cgi-bin/drknow.cgi script, or validating and sanitizing the username field to prevent the injection of shell metacharacters. Avoid using the username field with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2018-00359
CVE-2017-18025

Affected Products

Innotube Itguard-Manager