vendor:
Exodus
by:
Nine:Situations:Group::strawdog
7.5
CVSS
HIGH
Arbitrary Parameter Injection
94
CWE
Product Name: Exodus
Affected Version From: v0.10
Affected Version To: v0.10
Patch Exists: YES
Related CWE: N/A
CPE: exodus:exodus
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2008
Exodus v0.10 uri handler arbitrary parameter injection
It is possible to inject arbitrary command line parameters into Exodus v0.10, which can be used to overwrite arbitrary files or cause an infinite loop through multiple unhandled exceptions. This vulnerability affects Microsoft Windows systems.
Mitigation:
Upgrade to the latest version of Exodus, which is not vulnerable to this exploit.