Vendor: WebCTRL
By: Gjoko 'LiquidWorm' Krstic
CVSS: 6.3 (MEDIUM)
Title: Path Traversal Arbitrary File Write
CWE: 22
Product Name: WebCTRL
Affected Version From: ALC WebCTRL, SiteScan Web 6.1 and prior
Affected Version To: ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior
Patch Exists: YES
Related CVE: CVE-2017-9640
CPE: a:automated_logic_corporation:webctrl
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows 7 Professional, Apache-Coyote/1.1, Apache Tomcat/7.0.42, CJServer/1.1, Java/1.7.0_25-b17, Java HotSpot Server VM 23.25-b01, Ant 1.7.0, Axis 1.4, Trove 2.0.2, Xalan Java 2.4.1, Xerces-J 2.6.1
Year: 2017
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
The vulnerability is triggered by an authenticated user who can use the manual command console in the management panel of the affected application. The ManualCommand() function in ManualCommand.js allows users to perform additional diagnostics and review settings through a pre-defined set of commands. The echo command can be abused to write and/or overwrite arbitrary files on the system, and because the supplied path is not restricted, directory traversal allows writes anywhere on the filesystem.
Mitigation:
Upgrade to the latest version of WebCTRL, SiteScan Web, i-Vu, and/or contact Automated Logic Corporation for more information.