Full title: Ivanti Cloud Services Appliance (CSA) Command Injection Exploit 
Category: remote exploits
Platform: multiple
This Metasploit module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA) for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the Cloud Services Appliance before 4.6.0-512 allows an unauthenticated user to execute arbitrary code with limited permissions. Successful exploitation results in command execution as the nobody user.

# 0day.today @ http://0day.today/