CVE-2021-40612

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
opmantekopen-audit
3.5.0 ≤
𝑥
< 4.3.0
𝑥
= Vulnerable software versions
References
https://community.opmantek.com/pages/viewpage.action?pageId=65504438
https://github.com/Opmantek/open-audit/commit/c7595cbb092e410a487f03c0eb536cf19e538860
https://community.opmantek.com/pages/viewpage.action?pageId=65504438
https://github.com/Opmantek/open-audit/commit/c7595cbb092e410a487f03c0eb536cf19e538860