An issue was discovered in October through build 471. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
PHP
Information Disclosure
October
NVD
GitHub
CVSS 3.1
9.8
EPSS
2.9%
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Video Insight Vms
NVD
CVSS 3.1
9.8
EPSS
2.8%