Arbitrary Command Injection in Tenable Appliance Web UI
CVE-2017-8051 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
Learn more about our Web App Pen Testing.