An Improper Neutralization of Special Elements used in a...
High severity
Unreviewed
Published
Nov 30, 2023
to the GitHub Advisory Database
•
Updated Nov 30, 2023
Description
Published by the National Vulnerability Database
Nov 30, 2023
Published to the GitHub Advisory Database
Nov 30, 2023
Last updated
Nov 30, 2023
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.
References