Security Advisory
CVE-2019-25441
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.