cve/2021/CVE-2021-29393.md

### [CVE-2021-29393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29393)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.

### POC

#### Reference
- https://ardent-security.com
- https://ardent-security.com/en/advisory/asa-2021-01/

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-29393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29393)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.`

			`### POC`

			`#### Reference`
			`- https://ardent-security.com`
			`- https://ardent-security.com/en/advisory/asa-2021-01/`

			`#### Github`
			`No PoCs found on GitHub currently.`