vendor: Yarssr
by:
CVSS: 7.5 (HIGH)
CWE: Remote Code Injection
Product Name: Yarssr
Affected Version From: 2000.2.2
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Remote Code Injection Vulnerability in Yarssr
Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer; other attacks are also possible.
Mitigation:
It is recommended to update to a patched version of Yarssr as soon as possible. Additionally, input validation should be implemented to properly sanitize user-supplied input.