cve/2019/CVE-2019-10678.md

CVE-2019-10678

Description

Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.

POC

Reference

• http://packetstormsecurity.com/files/152678/Domoticz-4.10577-Unauthenticated-Remote-Command-Execution.html
• https://www.exploit-db.com/exploits/46773/

Github

• https://github.com/0xT11/CVE-POC
• https://github.com/cved-sources/cve-2019-10678
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/hectorgie/PoC-in-GitHub