FaceSentry Access Control System Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the FaceSentry Access Control System version 6.4.8. It allows authenticated users to inject and execute arbitrary shell commands with root privileges. The issue arises in the 'pingTest.php' and 'tcpPortTest.php' scripts, where input parameters are passed to shell commands without sanitization. The vulnerability is present in several different builds of the FaceSentry firmware.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary commands as the root user, potentially leading to unauthorized system access or control.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'pingTest.php' or 'tcpPortTest.php' with crafted 'strInIP' and 'strInPort' parameters. The default session cookie must be included in the request. The injected commands will be executed with root privileges, and the results can be retrieved from the web server.
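The class of defect described above (a web parameter handed to a shell without validation) and its detection can be illustrated with the added Python below. This is example code written for this page, not FaceSentry firmware code, which is not available here: the allow-list checks for 'strInIP' and 'strInPort' are what a hardened handler would apply before building a command, and the access-log lines are constructed for illustration (they assume a proxy or WAF that records the parameters, since ordinary access logs do not contain POST bodies).

```python
"""Allow-list validation for the 'strInIP' / 'strInPort' parameters and a
log-triage routine that flags values which would fail that validation.
Added example for this advisory, not FaceSentry code. Log lines below are
constructed and assume the request parameters are visible in the log."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Shell metacharacters: used only to annotate findings during triage.
# The protection itself is the strict allow-list, not this deny-list.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\\]")


def validate_ip(value: str) -> bool:
    """Accept only a string that parses as a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(value)   # no strip(): trailing junk must fail
    except ValueError:
        return False
    return True


def validate_port(value: str) -> bool:
    """Accept only an all-digit string in the TCP/UDP port range 1-65535."""
    return value.isdigit() and 1 <= int(value) <= 65535


def build_ping_args(ip: str):
    """Hardened pattern: validate, then build an argv list to hand to
    subprocess.run(args) with shell=False, so no shell ever parses it."""
    if not validate_ip(ip):
        raise ValueError("strInIP is not an IP address")
    return ["ping", "-c", "4", ip]


# Constructed sample log (Combined-Log style; parameters shown in the
# query string purely for illustration).
SAMPLE_LOG = """\
10.0.0.5 - - [24/Dec/2025:20:29:01 +0000] "POST /pingTest.php?strInIP=10.0.0.1 HTTP/1.1" 200 512
10.0.0.9 - - [24/Dec/2025:20:31:44 +0000] "POST /pingTest.php?strInIP=10.0.0.1%3Bid HTTP/1.1" 200 640
10.0.0.9 - - [24/Dec/2025:20:32:10 +0000] "POST /tcpPortTest.php?strInIP=10.0.0.1&strInPort=80%7Cid HTTP/1.1" 200 301
10.0.0.7 - - [24/Dec/2025:20:33:02 +0000] "POST /tcpPortTest.php?strInIP=10.0.0.2&strInPort=443 HTTP/1.1" 200 222
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

WATCHED = {"strInIP": validate_ip, "strInPort": validate_port}
TARGET_SCRIPTS = ("/pingTest.php", "/tcpPortTest.php")


def triage_line(line: str):
    """Return [(param, decoded_value, has_shell_meta)] for any watched
    parameter whose value fails validation, or None if the line is clean
    or not a request to one of the affected scripts."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path not in TARGET_SCRIPTS:
        return None
    params = parse_qs(url.query)      # percent-decodes, e.g. %3B -> ';'
    findings = []
    for name, check in WATCHED.items():
        for value in params.get(name, []):
            if not check(value):
                findings.append((name, value, bool(SHELL_META.search(value))))
    return findings or None


def triage_log(text: str):
    """Scan a whole log; return [(source_ip, findings)] for suspect lines."""
    hits = []
    for line in text.splitlines():
        findings = triage_line(line)
        if findings:
            hits.append((LOG_RE.match(line).group("src"), findings))
    return hits


if __name__ == "__main__":
    for src, findings in triage_log(SAMPLE_LOG):
        print(src, findings)
```

The validation functions reject anything that is not exactly an address or a port number, which removes the need to reason about which shell characters are dangerous; the triage routine reuses the same functions so that detection and mitigation cannot drift apart.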

Added: Dec 24, 2025, 8:29 PM
Updated: Dec 24, 2025, 9:34 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.