Affected Product: Uniguest Tripleplay (Signage and IPTV platform).
Vulnerable Versions: All versions prior to 24.2.1.
Impact: Unauthenticated Remote Code Execution (RCE).

Description
The flaw stems from improper handling of the X-Forwarded-For header in HTTP GET requests. The server fails to sanitize the X-Forwarded-For header before processing it. The attacker crafts a request to the target server; by injecting specific payloads into this header, an attacker can trick the server into executing arbitrary system commands with the privileges of the web service.

Mitigation
To address this vulnerability, administrators should:
Upgrade Uniguest Tripleplay to version 24.2.1 or later immediately.