PT-2023-12408 · Unknown · Eprintsug Ulcc-Core
Published: 2023-01-05 · Updated: 2024-05-17 · CVE-2021-4304
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
eprintsug ulcc-core (affected versions not specified)
Description
A critical issue was found in the file cgi/toolbox/toolbox, where the manipulation of the password argument leads to command injection. This issue can be exploited remotely.
Recommendations
Apply the patch 811edaae81eb044891594f00062a828f51b22cb1 to fix this issue. As a temporary workaround, consider restricting access to the cgi/toolbox/toolbox file to minimize the risk of exploitation. Avoid using the password argument in the affected functionality until the issue is resolved.
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Eprintsug Ulcc-Core