Arbitrary Command Execution Vulnerability in serial-number through 1.3.0

Arbitrary Command Execution Vulnerability in serial-number through 1.3.0

CVE-2019-10804 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation.

Learn more about our Web Application Penetration Testing UK.