Description
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.
References (1)
Core 1
Core References
Exploit x_refsource_misc
https://freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.html
Scores
CVSS v3
8.8
EPSS
0.0674
EPSS Percentile
93.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (2)
mobatek/mobaxterm
11.1
mobatek/mobaxterm
12.1
Published
Sep 14, 2019
Tracked Since
Feb 18, 2026