CVE-2021-3029

Name of the Vulnerable Software and Affected Versions EVOLUCARE ECSIMAGING (aka ECS Imaging) versions 6.21.5 and earlier

Description The issue is related to an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The file parameter on the webpage "/showfile.php" can be exploited to gain root access. This vulnerability only affects products that are no longer supported by the maintainer.

Recommendations For EVOLUCARE ECSIMAGING versions 6.21.5 and earlier, as a temporary workaround, consider disabling the "/showfile.php" webpage or restricting access to the file parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.