CVE-2018-15529

A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.

Date published : 2018-08-28

http://packetstormsecurity.com/files/149065/Mutiny-Monitoring-Appliance-Command-Injection.html

Command Injection on the Monitoring Appliances