CVE-2019-25029
Published: May 26, 2021
Modified: Aug 5, 2024
Description
In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
| Vendor | Product | Versions |
|---|---|---|
n/a | Versa Director | affected Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now