Mobatek MobaXterm CVE-2019-13475 Argument Injection Vulnerability

description-logoDescription

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.

affected-products-logoAffected Applications

MobaXterm

CVE References

CVE-2019-13475