CVE-2021-26704

Name of the Vulnerable Software and Affected Versions EPrints version 3.4.2

Description The issue allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a "cgi/toolbox/toolbox" URI. This can lead to unauthorized access and control of the system.

Recommendations For EPrints version 3.4.2, consider restricting access to the "cgi/toolbox/toolbox" URI until a patch is available. As a temporary workaround, avoid using the verb parameter in the affected URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.