Arbitrary Command Execution Vulnerability in im-metadata through 3.0.1

Arbitrary Command Execution Vulnerability in im-metadata through 3.0.1

CVE-2019-10788 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.

Learn more about our Web Application Penetration Testing UK.