CVE-2021-26471

Name of the Vulnerable Software and Affected Versions VembuBDR versions prior to 4.2.0.1 VembuOffsiteDR versions prior to 4.2.0.1

Description The issue allows an unauthenticated attacker to execute arbitrary shell commands by using the command argument in the http API located at "/sgwebservice o.php". This enables unauthenticated remote code execution.

Recommendations For VembuBDR versions prior to 4.2.0.1, update to version 4.2.0.1 or later. For VembuOffsiteDR versions prior to 4.2.0.1, update to version 4.2.0.1 or later. As a temporary workaround, consider restricting access to the "/sgwebservice o.php" API endpoint until a patch is applied.