| An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface default port 8443, inject arbitrary commands as external scripts via the /settings/query.json API, save the configuration, and trigger the script via the /query/name endpoint. The injected commands are executed with SYSTEM privileges, enabling full remote compromise. |
