Vendor: greed (Get and Resume Elite Edition)
By:
CVSS: 7.5 (HIGH)
Unauthorized Command Execution
CWE: 78
Product Name: greed (Get and Resume Elite Edition)
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Unauthorized Command Execution in greed (Get and Resume Elite Edition)

The greed (Get and Resume Elite Edition) application is prone to unauthorized command execution. This vulnerability occurs when the application processes a GRX file list that contains shell metacharacters and commands in file names. An attacker can exploit this vulnerability by providing a malicious GRX file list, which may originate from an external or untrusted source. Successful exploitation allows the attacker to execute arbitrary commands within the context of the application.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize input received from external or untrusted sources. Additionally, file names in GRX file lists should be properly encoded or restricted to prevent the inclusion of shell metacharacters and commands.
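
One way to apply this mitigation, as an added example that is not greed's code or part of the original advisory: file names taken from an untrusted list are checked against an allowlist and then passed to a child process as a single argument, with no shell involved. The allowlist policy, the function names and the sample entries are assumptions made for the illustration.

```python
import re
import subprocess
import sys

# Allowlist for a single file name: letters, digits, dot, underscore, hyphen.
# (Assumed policy for this example; widen it only with characters known to be safe.)
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,255}")


def is_safe_name(name: str) -> bool:
    """Return True only for a plain file name with no path or shell syntax."""
    if name in (".", "..") or name.startswith("-"):
        return False  # directory references, or a name a tool would read as an option
    return SAFE_NAME.fullmatch(name) is not None


def filter_names(names):
    """Split list entries into (accepted, rejected) without modifying them."""
    accepted, rejected = [], []
    for name in names:
        (accepted if is_safe_name(name) else rejected).append(name)
    return accepted, rejected


def run_with_name(name: str) -> str:
    """Hand the name to a child process as one argv element, with no shell.

    The child here is the Python interpreter echoing its argument; it stands in
    for whatever helper program an application would start.
    """
    if not is_safe_name(name):
        raise ValueError(f"rejected file name: {name!r}")
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", name]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout.strip()


# Constructed sample entries, as they might appear in an untrusted file list.
SAMPLE = ["notes-1.0.tar.gz", "a.txt; id", "$(id).txt", "`id`", "x|y", "../etc", "-rf"]

if __name__ == "__main__":
    ok, bad = filter_names(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
    print("child saw:", run_with_name(ok[0]))
```

Rejecting an entry outright, rather than stripping characters from it, avoids guessing what the list author meant and keeps the rejected value available for logging.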
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12034/info

greed (Get and Resume Elite Edition) is prone to unauthorized command execution. This issue is exposed when the application processes a GRX file list that specifies shell metacharacters and commands in file names on the list. GRX file lists allow file downloads to be scripted. Since GRX file lists may originate from an external or untrusted source, this vulnerability is considered to be remote in nature.

Successful exploitation will result in command execution in the context of the application. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25034.zip