Arbitrary Command Execution Vulnerability in serial-number through 1.3.0
CVE-2019-10804 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation.
Learn more about our Web Application Penetration Testing UK.