Arbitrary Command Execution in Xplico before 1.2.1 via Uploaded PCAP File Name

Arbitrary Command Execution in Xplico before 1.2.1 via Uploaded PCAP File Name

CVE-2017-16666 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.

Learn more about our User Device Pen Test.