CyberSec.Space Logo
Back to CVE Browser

CVE-2021-29393

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile38.06th
PublishedFeb 4, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.

Affected Platforms (CPE)

πŸ“¦
Globalnorthstar

Northstar Club Management

= 6.3

References & Advisories

πŸ”— https://ardent-security.com
πŸ”— https://ardent-security.com/en/advisory/asa-2021-01/
πŸ”— https://ardent-security.com
πŸ”— https://ardent-security.com/en/advisory/asa-2021-01/

Related Vulnerabilities

CVE-2021-293969.8

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to u...

CVE-2021-293957.5

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remot...

CVE-2021-293977.5

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Managem...

CVE-2021-293946.5

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote...