A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

vendor:

WebPALS

by:

SecurityFocus

9.3

CVSS

HIGH

Remote Code Execution

CWE

Product Name: WebPALS

Affected Version From: WebPALS 1.0

Affected Version To: WebPALS 1.0

Patch Exists: YES

Related CWE: CVE-2001-0206

CPE: a:webpals:webpals:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2001

A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

WebPALS is vulnerable to a specially crafted URL composed of a known filename, which will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

Mitigation:

Upgrade to the latest version of WebPALS.

Source

A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

Mitigation:

Exploit-DB raw data: