PT-2022-9919 · Unknown · Northstar Club Management

Alexandre Larocque

Published

2022-02-04

Updated

2022-02-09

CVE-2021-29393

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NorthStar Club Management version 6.3

Description The issue allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled command and commandvalues parameters in cominput.jsp and comoutput.jsp.

Recommendations For NorthStar Club Management version 6.3, consider sanitizing the command and commandvalues parameters in cominput.jsp and comoutput.jsp to prevent remote code execution. As a temporary workaround, restrict access to these pages to minimize the risk of exploitation.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-29393

Affected Products

Northstar Club Management

PT-2022-9919 · Unknown · Northstar Club Management

CVE-2021-29393

Weakness Enumeration

Related Identifiers

Affected Products

References · 5