Unrated severityNVD Advisory· Published Sep 14, 2019· Updated Aug 5, 2024
CVE-2019-16305
CVE-2019-16305
Description
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://calc URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- MobaXterm/MobaXtermdescription
Patches
Vulnerability mechanics
References
1- freetom.github.io/0day/2019/09/14/MobaXterm-command-exec-in-protocol-handler.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.