CVE-2018-5694 - The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator P

CVE-2018-5694

Summary

The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.

References

https://www.vulnerability-lab.com/get_content.php?id=1907

Vulnerable Configurations

cpe:2.3:a:fop2:flash_operator_panel:2.31.03:*:*:*:*:*:*:*
cpe:2.3:a:fop2:flash_operator_panel:2.31.03:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

misc

https://www.vulnerability-lab.com/get_content.php?id=1907

Last major update

03-10-2019 - 00:03

Published

14-01-2018 - 04:29

Last modified

03-10-2019 - 00:03