Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T05:33:44.175Z

Reserved: 2018-01-11T00:00:00

Link: CVE-2018-5347

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-01-12T01:29:00.200

Modified: 2024-11-21T04:08:37.910

Link: CVE-2018-5347

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.