[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5810

Date: (C)2009-01-02   (M)2017-08-08
 
CVSS Score: 10.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

Reference:
SECTRACK-1021475
http://www.securityfocus.com/archive/1/archive/1/499417/100/0/threaded
BID-32927
SECUNIA-33168
SREASON-4856
ADV-2008-3462
http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english
http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt
webtransactions-wbpublish-command-injection(47495)

CWE    1
CWE-20

© 2013 SecPod Technologies