This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.
61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612
Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.
5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3