header-logo
Suggest Exploit
vendor:
WebPALS
by:
SecurityFocus
9.3
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: WebPALS
Affected Version From: WebPALS 1.0
Affected Version To: WebPALS 1.0
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: a:webpals:webpals:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2001

A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

WebPALS is vulnerable to a specially crafted URL composed of a known filename, which will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

Mitigation:

Upgrade to the latest version of WebPALS.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2372/info

A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. 


http://target/cgi-bin/pals-cgi?palsAction=restart&documentName=url_to_file

Navigation

Suggest Exploit

Services By CQR