header-logo
Suggest Exploit
vendor:
pngren
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Arbitrary Command Execution
78
CWE
Product Name: pngren
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

pngren Remote Arbitrary Command Execution Vulnerability

pngren is prone to a remote arbitrary command execution vulnerability. Reportedly, this issue arises when the user-specified values are passed to the 'kaiseki.cgi' script. Due to this, an attacker can supply arbitrary commands and have them executed in the context of the server. This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.

Mitigation:

Ensure that user-supplied input is properly validated and filtered before being passed to the 'kaiseki.cgi' script.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14182/info

pngren is prone to a remote arbitrary command execution vulnerability.

Reportedly, this issue arises when the user-specified values are passed to the 'kaiseki.cgi' script. Due to this, an attacker can supply arbitrary commands and have them executed in the context of the server.

This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer. 

http://www.example.com/cgi-bin/kaiseki.cgi?file.exetension|command|
http://www.example.com/cgi-bin/kaiseki.cgi?|command|

Navigation

Suggest Exploit

Services By CQR