Ilevia EVE X1 Server Command Injection Vulnerability

An unauthenticated OS command injection vulnerability has been identified in Ilevia EVE X1 Server versions through 4.7.18.0.eden. The vulnerability resides in the '/ajax/php/login.php' script, where remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter. This exploitation could lead to a full system compromise or a denial-of-service condition.

Impact

Exploitation of this vulnerability allows for unauthorized execution of arbitrary system commands, potentially leading to full system compromise.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/ajax/php/login.php' with a payload injected into the 'passwd' parameter. This payload can be crafted to execute arbitrary commands on the server. Once the command injection is successful, a reverse shell can be established by directing the output of the executed command to a listener on the attacker's machine.