CVE-2017-7175

CRITICAL

NfSen <1.3.8 - Command Injection

Title source: llm

Description

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paul Taylor · textwebappslinux

https://www.exploit-db.com/exploits/42314

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42314/

Scores

CVSS v3 9.9

EPSS 0.2142

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

nfsen/nfsen < 1.3.7

Published Jul 10, 2017

Tracked Since Feb 18, 2026