vendor:
WSN Forum, WSN Knowledge Base, WSN Links, WSN Gallery
by:
SecurityFocus
9.3
CVSS
HIGH
Remote Shell Command Execution
78
CWE
Product Name: WSN Forum, WSN Knowledge Base, WSN Links, WSN Gallery
Affected Version From: 4.1.30
Affected Version To: 4.1.44
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Multiple WebmasterSite Products Remote Shell Command Execution Vulnerability
Multiple WebmasterSite products are prone to a remote shell command-execution vulnerability because the applications fail to sufficiently sanitize user-supplied data. Successfully exploiting this issue will allow an attacker to execute arbitrary commands in the context of the affected application. This issue affects the following products: WSN Forum 4.1.43, WSN Knowledge Base 4.1.36, WSN Links 4.1.44, WSN Gallery 4.1.30. An attacker can upload an evil avatar and go to a specific URL to execute arbitrary commands.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to execute arbitrary commands. Additionally, the application should be configured to use the least-privileged account possible.
