MobileTogether Server 7.3 XML Injection
Posted by deepcore on August 11, 2021 – 8:07 am
RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server’s certificate and private key. Versions 7.0 through 7.3 are affected.