Security Advisory

CVE-2019-13475

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-07-09 21:58:05

Last updated 2024-08-04 23:57:38

Assigner mitre

State PUBLISHED

Description

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.

← Browse all CVEs View on cve.org ↗