WebTester 5.x install2.php Unauthenticated Command Execution

An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Eppler Software WebTester 安全漏洞

Eppler Software WebTester是Eppler Software公司的一款在线考试与测验平台。 Eppler Software WebTester 5.x版本存在安全漏洞，该漏洞源于install2.php脚本未清理用户输入，可能导致远程命令执行。

N/A

N/A