VULHUB ™

The vulnerability can be triggered by any user doing: 1) Edit or Create a Device with FQDN ‘NotARealIPAddress;CMD;’ (without single quotes) and Save it. Edit the Device again and reload any data query already created. CMD will be executed with Web Server rights. 2) Edit or Create a Graph Template and use as Vertical Label ‘BonsaiSecLabel";CMD; "’ (without single quotes) and Save it. Go to Graph Management section and Select it. CMD will be executed with Web Server rights. Note that other properties of a Graph Template might also be affected.

The vulnerability can be triggered by any user doing: 1) Edit or Create a Device with FQDN ‘NotARealIPAddress;CMD;’ (without single quotes) and Save it. Edit the Device again and reload any data query already created. CMD will be executed with Web Server rights. 2) Edit or Create a Graph Template and use as Vertical Label ‘BonsaiSecLabel";CMD; "’ (without single quotes) and Save it. Go to Graph Management section and Select it. CMD will be executed with Web Server rights. Note that other properties of a Graph Template might also be affected.