Command-Injection Vulnerability in NASCENT RemKon Device Manager 4.0.0.0 Image Upload Function
CVE-2021-38611 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.
Learn more about our Web Application Penetration Testing UK.