The application lacks any sort of protection against CSRF (let alone DNS rebinding).
As some, uhhh, creative development time saving techniques are used, an attacker can execute arbitrary shell commands on the computer running this software by redirecting the users browser to something like:
The application lacks any sort of protection against CSRF (let alone DNS rebinding).
As some, uhhh, creative development time saving techniques are used, an attacker can execute arbitrary shell commands on the computer running this software by redirecting the users browser to something like: