Arbitrary Command Execution in NitroSecurity NitroView ESM 8.4.0a

Arbitrary Command Execution in NitroSecurity NitroView ESM 8.4.0a

CVE-2010-4099 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.

Learn more about our Web Application Penetration Testing UK.