vendor: Boa Webserver
by:
CVSS: 9.8 CRITICAL
Command Injection
CWE: 78
Product Name: Boa Webserver
Affected Version From: 0.94.14rc21
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:boa_webserver:boa_webserver:0.94.14rc21
Platforms Tested:
Boa Webserver Command Injection Vulnerability
The Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal.
Mitigation:
To mitigate this vulnerability, sanitize user-supplied input before it is written to logfiles, and ensure that proper input validation and output encoding are implemented.
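One way to apply the output encoding recommended above, as an added example that is not Boa's code or a vendor patch: request-derived fields are encoded before they reach the logfile, so anyone viewing the log in a terminal sees only printable text. It assumes the risk comes from raw control bytes in logged input being interpreted by the terminal; the helper name `log_escape` and the sample request path are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Boa's code): copy a request-derived field into
 * `out`, leaving printable ASCII as-is and rewriting every other byte
 * (ESC, CR, LF, other control bytes, bytes >= 0x7f) and the backslash itself
 * as a literal \xHH, so a terminal displaying the log sees only text.
 * Returns the number of input bytes consumed; a value shorter than
 * strlen(in) means the field was truncated at an escape boundary. */
size_t log_escape(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t i = 0, o = 0;

    if (outsz == 0)
        return 0;
    for (; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        int plain = (c >= 0x20 && c < 0x7f && c != '\\');
        size_t need = plain ? 1 : 4;

        if (o + need >= outsz)      /* keep room for the terminating NUL */
            break;                  /* never emit half an escape */
        if (plain) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return i;
}

int main(void)
{
    /* Constructed sample: a request path carrying an ESC byte and a CRLF. */
    const char *path = "/index.html\033[1mX\r\nfake entry";
    char safe[128];

    log_escape(path, safe, sizeof safe);
    printf("GET \"%s\"\n", safe);   /* one log line, control bytes shown as \xHH */
    return 0;
}
```

Escaping the backslash as well keeps the encoding unambiguous, so a logged `\x1b` typed literally by a client cannot be confused with an encoded ESC byte.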