An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command.
References
Link | Resource |
---|---|
https://github.com/OpenGamePanel/OGP-Website/pull/561 | Third Party Advisory |
https://www.exploit-db.com/exploits/50373 | Exploit Third Party Advisory VDB Entry |
https://github.com/OpenGamePanel/OGP-Website/pull/561 | Third Party Advisory |
https://www.exploit-db.com/exploits/50373 | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 06:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/OpenGamePanel/OGP-Website/pull/561 - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/50373 - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2021-11-10 00:15
Updated : 2024-11-21 06:14
NVD link : CVE-2021-37158
Mitre link : CVE-2021-37158
CVE.ORG link : CVE-2021-37158
JSON object : View
Products Affected
opengamepanel
- opengamepanel
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')