Share
## https://sploitus.com/exploit?id=E0D3D1FC-44D6-5E37-9272-40D612E56981
# CVE-2021-46704-POC
CVE-2021-46704 GenieACS Command Injection POC

Affecting genieacs package, versions >=1.2.0 <1.2.8 

# How to fix?

Upgrade genieacs to version 1.2.8 or higher.

Affected versions of this package are vulnerable to Command Injection via the ping host argument (lib/ui/api.ts and lib/ping.ts) which stems from insufficient input validation combined with a missing authorization check.