Osprey Pump Controller 1.0.1 eventFileSelected Command Injection
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS
command injection vulnerability. This can be exploited to inject and
execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php
scripts.
https://packetstormsecurity.com/files/171181/ZSL-2023-5750.txt
Tue, 28 Feb 2023 17:15:14 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com (2:467/4.444)