CVE-2019-13475

CVE-2019-13475

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.

Source: CVE-2019-13475

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다