CVE-2019-13475
HIGHMobaXterm 11.1 - Remote Code Execution via mobaxterm: URI Handler Argument Injection
Title source: llmDescription
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.vulnerability-lab.com/get_content.php?id=2186
Scores
CVSS v3
8.8
EPSS
0.0411
EPSS Percentile
89.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-88
Status
published
Products (1)
mobatek/mobaxterm
11.1
Published
Jul 09, 2019
Tracked Since
Feb 18, 2026