[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5810

Date: (C)2009-01-02   (M)2017-08-08 


WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

CVSS Score: 10.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1021475
http://www.securityfocus.com/archive/1/archive/1/499417/100/0/threaded
BID-32927
SECUNIA-33168
SREASON-4856
ADV-2008-3462
http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english
http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt
webtransactions-wbpublish-command-injection(47495)

CWE    1
CWE-20

© 2013 SecPod Technologies