A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The ve [truncated]
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2, allowing for os command injection via the evalIsFailed function in GroovyScriptImpl.java. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. Evidence is limited to CVE and NVD information. No official patches or mitigations are provided.
A low-severity vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2, affecting an unknown function in the Android WebSocket Server component. The vulnerability allows for OS command injection via the manipulation of the 'path' argument. The attack can be initiated remotely, and the exploit has been disclosed to the public. However, the vendor did not respond to the disclosure. This vulnerabili [truncated]