A remote command injection vulnerability was found in Applicure's dotDefender WAF management console. The vulnerability allows an authenticated dotDefender manager to execute arbitrary commands on the protected server. Exploiting the vulnerability requires to first authenticate to the server, lowering its potential risk. Nevertheless, as the published exploit is detailed and allows attackers to actively exploit the vulnerability, immediate patching is recommended.
