RSS   Vulnerabilities for 'Klog server'   RSS

2021-01-26
 
CVE-2021-3317

CWE-77
 

 
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.

 
2020-12-27
 
CVE-2020-35729

CWE-78
 

 
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top