Arbitrary Command Injection in Tenable Appliance Web UI

Arbitrary Command Injection in Tenable Appliance Web UI

CVE-2017-8051 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

Learn more about our Web App Pen Testing.