EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Link | Resource |
---|---|
https://shoxxdj.fr/ecsimaging-os-injection-cve-2021-3029/ | Third Party Advisory |
https://www.evolucare.com | Product |
Configurations
History
07 Nov 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
Summary | EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
13 Jan 2021, 20:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:evolucare:ecs_imaging:*:*:*:*:*:*:*:* | |
References | (MISC) https://shoxxdj.fr/ecsimaging-os-injection-cve-2021-3029/ - Third Party Advisory | |
References | (MISC) https://www.evolucare.com - Product | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CWE | CWE-78 |
07 Jan 2021, 14:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-07 14:15
Updated : 2024-04-11 01:12
NVD link : CVE-2021-3029
Mitre link : CVE-2021-3029
CVE.ORG link : CVE-2021-3029
JSON object : View
Products Affected
evolucare
- ecs_imaging
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')