CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-29393

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile38.06th
Published2022年2月4日
Last Modified2024年11月21日

Vulnerability Description

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.

Affected Platforms (CPE)

📦
Globalnorthstar

Northstar Club Management

= 6.3

References & Advisories

🔗 https://ardent-security.com
🔗 https://ardent-security.com/en/advisory/asa-2021-01/
🔗 https://ardent-security.com
🔗 https://ardent-security.com/en/advisory/asa-2021-01/

関連する脆弱性情報

CVE-2021-293969.8

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to u...

CVE-2021-293957.5

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remot...

CVE-2021-293977.5

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Managem...

CVE-2021-293946.5

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote...