Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
iOffice Remote Command Execution Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
iOffice
by:
9.8
CVSS
CRITICAL
Remote Command Execution
78
CWE
Product Name: iOffice
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

iOffice Remote Command Execution Vulnerability

iOffice is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and the underlying server.

Mitigation:

Update to the latest version of iOffice to fix the vulnerability. Additionally, input validation and sanitization should be implemented to prevent similar issues in the future.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41768/info

iOffice is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected software and the underlying server.

iOffice 0.1 is affected; other versions may also be vulnerable.

http://www.example.com/cgi-bin/index.pl?section_name=whatever&section=ioffice&parametre=|id|

Navigation

Suggest Exploit

Services By CQR