A vulnerability in the admin web interface could allow an authenticated attacker to upload a custom template to perform an arbitrary code execution. These templates can be used to display customised login and meeting pages and are rendered using the Perl Template Toolkit engine. This engine can be coerced into executing code by creating a new "BLOCK" by abusing the "template" global object to create a new block to be evaluated. The deployed agent will run with ROOT privileges.
CVE Link
Exploit Platform
Exploit Type
Product Name