PT-2025-31937 · Unknown · Ictbroadcast

Valentin Lobstein · Published 2025-08-05 · Updated 2025-08-05 · CVE-2025-2611

CVSS v4.0: 9.3

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions:

ICTBroadcast versions 7.4 and below

Description:

The ICTBroadcast application unsafely passes session cookie data to shell processing, so an attacker can inject shell commands into a session cookie and have them executed on the server. This results in unauthenticated remote code execution in the session handling.

Recommendations:

Update ICTBroadcast to a version later than 7.4.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-2611

Affected Products

Ictbroadcast