Arbitrary Command Execution Vulnerability in Flash Operator Panel (FOP) 2.31.03

Arbitrary Command Execution Vulnerability in Flash Operator Panel (FOP) 2.31.03

CVE-2018-5694 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.

Learn more about our User Device Pen Test.