Impact
A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required.
Patches
It is recommended that the NextCloudPi is upgraded to 1.53.1
Workarounds
- Ensure that the NextCloudPi web-panel is not exposed to the internet (the default) or other untrusted or public networks
stealthcopter Finder
Impact
A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required.
Patches
It is recommended that the NextCloudPi is upgraded to 1.53.1
Workarounds