header-logo
Suggest Exploit
vendor:
Man Page Lookup
by:
SecurityFocus
7.5
CVSS
HIGH
Command Injection
78
CWE
Product Name: Man Page Lookup
Affected Version From: Not Specified
Affected Version To: Not Specified
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: a:andysphp:man_page_lookup
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Not Specified
2002

Andy’s PHP Projects Man Page Lookup script

Andy's PHP Projects Man Page Lookup script is vulnerable to command injection due to improper input validation. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which will allow the attacker to execute arbitrary commands on the server.

Mitigation:

Input validation should be performed on all user-supplied input to prevent command injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9395/info

A problem in the handling of user-supplied input by Andy's PHP Projects Man Page Lookup script has been reported. Because of this, it is possible for an attacker to gain unauthorized access to sensitive information on a system.

http://www.example.com/manpage/index.php?command=/etc/resolv.conf

Navigation

Suggest Exploit

Services By CQR