Astium is prone to multiple vulnerabilities. This exploit uses SQL injection to bypass authentication on the login page and gain access as an administrator. It then uploads and executes a PHP script that modifies the "/usr/local/astium/web/php/config.php" script to add a reverse shell and runs "sudo /sbin/service astcfgd reload". Version 2.1 build 25399 is affected.
a8bfed2b6a0488de9a6ded9c5bfe3e6d3e1e35ff053af72f599d8824a3f99a99
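A defender can look for the two host-side traces this chain leaves: a non-interactive sudo reload of astcfgd by the web server account, and a changed config.php. The following is an added example, not code from the exploit or from Astium; the web account names, the log lines and the stand-in config contents are constructed assumptions.

```python
import hashlib
import re

CONFIG_PATH = "/usr/local/astium/web/php/config.php"  # file named in the advisory
RELOAD_CMD = "/sbin/service astcfgd reload"            # command named in the advisory
WEB_USERS = {"apache", "www-data", "asterisk"}         # assumption: web server accounts

# Standard sudo syslog line: "<user> : TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)
# PHP calls that have no business in a configuration file
RISKY_PHP = re.compile(r"\b(fsockopen|proc_open|shell_exec|passthru|system|exec|popen)\s*\(")

# Constructed sample log lines (hostnames, users and times are made up)
SAMPLE_LOG = """\
Jan  5 09:00:00 pbx sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/sbin/service astcfgd reload
Jan  5 10:12:01 pbx sudo:   apache : TTY=unknown ; PWD=/usr/local/astium/web/php ; USER=root ; COMMAND=/sbin/service astcfgd reload
Jan  5 10:15:44 pbx sudo:   apache : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/bin/ls
"""

def suspicious_reloads(log_text, web_users=WEB_USERS):
    """Return sudo events where a web account reloaded astcfgd without a terminal."""
    hits = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if (m and m["cmd"].strip() == RELOAD_CMD
                and m["user"] in web_users and m["tty"] == "unknown"):
            hits.append({"user": m["user"], "pwd": m["pwd"], "line": line})
    return hits

def audit_config(content: bytes, baseline_sha256: str):
    """Compare config.php bytes to a known-good hash and list risky PHP calls."""
    changed = hashlib.sha256(content).hexdigest() != baseline_sha256
    calls = sorted(set(RISKY_PHP.findall(content.decode("utf-8", "replace"))))
    return {"changed": changed, "risky_calls": calls}

if __name__ == "__main__":
    clean = b"<?php $db_host = 'localhost'; ?>"  # constructed stand-in for config.php
    baseline = hashlib.sha256(clean).hexdigest()
    for hit in suspicious_reloads(SAMPLE_LOG):
        print("ALERT sudo reload by web account:", hit["line"])
    print(CONFIG_PATH, audit_config(clean + b"<?php system('id'); ?>", baseline))
```

On a live host, feed `audit_config` the bytes of the real config.php and a hash recorded from a known-good install.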