CVE-2021-40612

Name of the Vulnerable Software and Affected Versions Opmantek Open-AudIT versions after 3.5.0

Description An issue was discovered in Opmantek Open-AudIT that allows an attacker to perform command execution without echoes. This can be done without authentication and is related to a vulnerability in the code igniter/application/controllers/util.php file.

Recommendations For versions after 3.5.0, consider restricting access to the util.php file in the code igniter/application/controllers directory until a patch is available. As a temporary workaround, consider disabling the vulnerable functionality in the util.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.