cvedb.io
CVE-2017-13779
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2017-09-14T06:29:03.483 · Last modified 2026-06-17T01:05:09.830

Summary

GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.

Affected products

gstn — india_goods_and_services_tax_network_offline_utility_tool

Does this affect you?

Add your gear to cvedb and we'll alert you only when gstn ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.