Arbitrary Command Injection in mySCADA myPRO Versions 8.20.0 and Prior
CVE-2021-43981 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
Learn more about our Web Application Penetration Testing UK.