cve/2019/CVE-2019-13475.md

CVE-2019-13475

Description

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.

POC

Reference

• https://www.vulnerability-lab.com/get_content.php?id=2186

Github

No PoCs found on GitHub currently.