Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2015-5453

Description

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.

POC

Reference

- http://packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html

- http://packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html

- https://www.exploit-db.com/exploits/38346/

Github

No PoCs found on GitHub currently.