Details
-
Sub-task
-
Status: Public disclosure
-
Highest
-
Resolution: Done
-
Casablanca Maintenance Release, Casablanca
-
CVE-2019-12123
-
-
OJSI-SDNC
-
SDNC El Alto Sprint 1
Description
SDNC allows any user/logged for arbitrary code
execution in form.
Sample payload below.
Path: sdnc-oam/admportal/server/router/routes/sla.js:282
Url: http://<IP>:30201/sla/printAsXml?module=|| touch /tmp/printAsXml #
Attachments
| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 88625,4 | Issue OSA for OJSI-42 | master | osa | Status: MERGED | +2 | +1 |
| 89448,1 | Document OJSI-42 (CVE-201912123) vulnerability | master | sdnc/oam | Status: MERGED | +2 | +1 |
| 97491,2 | Improve security release notes for El Alto | elalto | sdnc/oam | Status: MERGED | +2 | +1 |
| 97492,2 | Improve security release notes for El Alto | master | sdnc/oam | Status: MERGED | +2 | +1 |