Arbitrary OS Command Execution in Invigo Automatic Device Management (ADM) through 5.0

Arbitrary OS Command Execution in Invigo Automatic Device Management (ADM) through 5.0

CVE-2020-10583 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.

Learn more about our Cis Benchmark Audit For Server Software.