RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers cannot only reinstall webEdition, but also gain remote command execution. webEdition CMS version 2.8.0.0 is affected.
b332b23b88f8524f6cc6ee224e2fcf3d34291eb580aa3efc4d12528bed131019