OS Command Injection in Circle with Disney's /api/CONFIG/backup Functionality

OS Command Injection in Circle with Disney's /api/CONFIG/backup Functionality

CVE-2017-2866 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.

Learn more about our Api Penetration Testing.