|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Web applications / Modules and components for CMS
This security bulletin contains one high risk vulnerability.
CWE-77 - Command injection
Exploit availability: NoDescription
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the "child_process.exec" function. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.Mitigation
Install updates from vendor's website.Vulnerable software versions
xps: 1.0.0 - 1.0.2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?