Home
Description
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution.
References
github.com/oinone/oinone-pamirs
gist.github.com/Misakim1/859c3eb9ced699089ee0747dae9bedc1