Arbitrary Command Execution in Secudos DOMOS 5.8 via Shell Metacharacters in conf_datetime Zone Field

Arbitrary Command Execution in Secudos DOMOS 5.8 via Shell Metacharacters in conf_datetime Zone Field

CVE-2020-14293 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).

Learn more about our Web App Pen Testing.