
InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

October 31, 2016 | Posted in ExploitAlert

InfraPower PPS-02-S Q213V1 suffers from multiple unauthenticated remote command injection vulnerabilities. Several POST parameters in several scripts are not sanitized before being passed to the exec(), proc_open(), popen() and shell_exec() PHP functions when the settings on the affected device are updated. This allows an attacker to execute arbitrary system commands as the root user and bypass the access controls in place.
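The pattern the advisory describes, next to a hardened form, as an added example that is not code from the device firmware or from the advisory. The parameter name `ntp_server`, the `ntpdate` path and the session flag are hypothetical.

```php
<?php
// Added example. ntp_server, /usr/sbin/ntpdate and $session['authenticated']
// are hypothetical names chosen for illustration, not taken from the firmware.

// Vulnerable pattern: a POST value is concatenated into a shell command line,
// so /bin/sh interprets any metacharacters it contains, with the web
// server's privileges (root on the affected device, per the advisory).
function update_ntp_vulnerable(array $post): string
{
    return (string) shell_exec('/usr/sbin/ntpdate ' . $post['ntp_server']);
}

// Hardened form: require an authenticated session, accept only values that
// match a strict format, and start the program without going through a shell.
function update_ntp_hardened(array $post, array $session): string
{
    if (empty($session['authenticated'])) {
        throw new RuntimeException('authentication required');
    }

    $server = $post['ntp_server'] ?? '';
    if (!is_string($server) || strlen($server) > 253) {
        throw new InvalidArgumentException('ntp_server must be a short string');
    }

    // Allow an IP address or an RFC-style hostname only. The hostname filter
    // also rejects a leading "-", which blocks option injection.
    $isIp   = filter_var($server, FILTER_VALIDATE_IP) !== false;
    $isHost = filter_var($server, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if (!$isIp && !$isHost) {
        throw new InvalidArgumentException('ntp_server must be an IP or hostname');
    }

    // The array form of proc_open() (PHP 7.4+) executes the binary directly
    // with an argv vector. On older PHP, wrap the value in escapeshellarg().
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['/usr/sbin/ntpdate', $server], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ntpdate');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return (string) $out;
}
```

The same three checks apply to every call site of exec(), proc_open(), popen() and shell_exec() that takes request data; running the web interface as a non-root user limits the impact of any call site that is missed.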


Source: InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Tagged in: command, execution, infrapower, q213v1, Remote, unauthenticated