ESAFENET DSM Command Injection Vulnerability in examExportPDF Function

Vulnerability

A critical command injection vulnerability has been identified in ESAFENET DSM version 3.1.2. The issue arises in the examExportPDF function within the file /admin/plan/examExportPDF. The vulnerability can be exploited remotely by manipulating the argument 's', leading to unauthorized command execution on the server.

Impact

Exploitation of this vulnerability allows for command injection, where an attacker can execute arbitrary commands on the server running ESAFENET DSM.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ESAFENET DSM Command Injection Vulnerability in examExportPDF Function

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating