vendor:
by: Unknown
CVSS: 9 (CRITICAL)
CWE: 78 (Command Injection)
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2005

Remote Command Execution on

This vulnerability allows an attacker to execute arbitrary commands on the target system. It occurs when user-supplied input is not properly validated and is directly passed to a system command without any sanitization or filtering. The attacker can manipulate the input to include malicious commands, which are then executed by the system.

Mitigation:

To mitigate this vulnerability, implement input validation and sanitization so that user-supplied input is filtered and cannot carry malicious commands. Additionally, passing user input to the system command as separate parameters, in the way parameterized queries or prepared statements do, rather than building the command string from it, can help prevent command injection attacks.
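The two mitigations above, sketched as an added example that is not code from includer.cgi or from the original advisory: an allowlist check applied to both request shapes this entry lists, and a child process that receives the value as a single argument with no shell involved. The function names, the allowlist pattern and the echoing child process are assumptions made for illustration.

```python
import re
import subprocess
import sys
from urllib.parse import parse_qs, unquote

# Assumption: legitimate template names are short, flat file names.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?")


def template_from_query(query_string):
    """Return a validated template name, or None when the request is rejected.

    Covers both request shapes shown on the page: a bare query string
    (includer.cgi?VALUE) and a named parameter (includer.cgi?template=VALUE).
    """
    params = parse_qs(query_string, keep_blank_values=True)
    if "template" in params:
        values = params["template"]
        if len(values) != 1:          # repeated parameter: ambiguous, reject
            return None
        value = values[0]
    else:
        value = unquote(query_string)
    # Allowlist: '|', ';', '/', whitespace and every other character outside
    # the pattern cause rejection; nothing is stripped or "cleaned".
    return value if SAFE_NAME.fullmatch(value) else None


def run_with_argument(value):
    """Pass value to a child process as one argv element, with no shell.

    The child (a stand-in for whatever helper the CGI would call) echoes
    its first argument back, showing that metacharacters arrive as data.
    """
    child = [sys.executable, "-c",
             "import sys; sys.stdout.write(sys.argv[1])", value]
    done = subprocess.run(child, capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    # Constructed sample requests; the first two mirror the page's examples.
    for qs in ["|id|", "template=|id|", "template=header.tmpl", "footer"]:
        name = template_from_query(qs)
        print(f"{qs!r:28} ->", "rejected" if name is None else f"accepted {name!r}")
    print(repr(run_with_argument("|id|")))
```

Rejecting on mismatch, instead of stripping characters, keeps the check independent of which metacharacters a particular shell or interpreter treats as special.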
Source

Exploit-DB raw data:

Remote Command Execution on:

Example I.: www.host-vulnerable.com/includer.cgi?|id|
Example II.: www.host-vulnerable.com/includer.cgi?template=|id|

# milw0rm.com [2005-03-07]