vendor:
BizDB
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: BizDB
Affected Version From: 1
Affected Version To: 1
Patch Exists: Yes
Related CWE: N/A
CPE: a:bizdb:bizdb:1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002
BizDB Remote Command Execution Vulnerability
BizDB is a web databse integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open() call and can therefore be made to execute commands at the privilege level of the webserver. The variable is dbname, and if passed a semicolon followed by shell commands they will be executed. This cannot be exploited from a browser, as the software checks for a referrer field in the HTTP request. A valid referrer field can however be created and sent programmatically or via a network utility like netcat. The following netcat session will cause a copy of the output of the ls command to be mailed to attacker@attacker-host
Mitigation:
The vendor has released a patch to address this issue. Users should upgrade to the latest version of BizDB.
