This security bulletin contains information about 1 vulnerabilities.
Exploit availability: YesDescription
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the "installPlugin" and "uninstallPlugin" handler functions. A remote authenticated administrator can execute arbitrary code on the target system via the "execa" function.Mitigation
Install updates from vendor's website.Vulnerable software versions
strapi: 1.0.0 - 3.0.0 beta.17.7
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?