OS Command Injection - Telos Alliance Omnia MPX Node
CVE ID: CVE-2022-43325
CVE Author: Momen Eldawakhly (Cyber Guy) & Ahmed Alroky (Bad Bot)
Vendor: Telos Alliance
Product: Omnia MPX Node
Affected Versions: 1.3.*-1.4.*
A command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
PoC Image: