Site icon API Security Blog

Cobbler subject to Command Injection

A Command Injection in action_power.py in Cobbler prior to v2.6.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.Read More

Exit mobile version