Precurio 2.1: Remote Command Execution via Xinha Plugin

9 Dec 2016 by Hendrik Buchwald

Precurio

Precurio is an Intranet portal that can be used as a calendar, phone directory, and much more. It is available as an open-source and commercial solution. We focused our analysis exclusively on the open-source version and detected several critical vulnerabilities that can be used to execute PHP code on the target system without any form of authentication.

Read More ...