CVE-2020-37153

Name of the Vulnerable Software and Affected Versions ASTPP version 4.0.1

Description The software contains multiple security issues, including cross-site scripting and command injection within the SIP device configuration and plugin management interfaces. Successful exploitation could allow attackers to inject system commands and compromise administrator sessions. It may also be possible to execute arbitrary code with root permissions by manipulating cron tasks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.