Vulnerability Details CVE-2019-25441
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 87.2%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2019-25441
- cpe:2.3:a:kostasmitroglou:thesystem:1.0.0