OS Command Injection Vulnerability in Eve-NG Configuration Parser

OS Command Injection Vulnerability in Eve-NG Configuration Parser

CVE-2022-27903 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.

Learn more about our Web Application Penetration Testing UK.