CVE-2019-25441

Name of the Vulnerable Software and Affected Versions thesystem version 1.0

Description The software contains a command injection issue that enables unauthenticated attackers to execute arbitrary system commands. Attackers can submit malicious input to the run command endpoint. Specifically, attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.

Recommendations Apply a fix to address the command injection issue in the run command endpoint. Restrict access to the run command endpoint. Sanitize or validate the command parameter to prevent the execution of arbitrary shell commands.