CVE-2021-29393
CRITICALNorthStar Club Management 6.3 - Remote Code Execution via cominput.jsp/comoutput.jsp
Title source: llmDescription
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://ardent-security.com
Third Party Advisory x_refsource_misc
https://ardent-security.com/en/advisory/asa-2021-01/
Scores
CVSS v3
9.8
EPSS
0.0357
EPSS Percentile
87.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
globalnorthstar/northstar_club_management
6.3
Published
Feb 04, 2022
Tracked Since
Feb 18, 2026