vendor: ShowCenter
by:
CVSS: 5.5 (MEDIUM)
CWE: Remote Denial of Service
Product Name: ShowCenter
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Remote Denial of Service in Pinnacle Systems ShowCenter Web-based Interface

The Pinnacle Systems ShowCenter web-based interface is prone to a remote denial of service vulnerability. The vulnerability exists due to a lack of sanity checks on the Skin parameter of a ShowCenter script. A remote attacker can exploit this vulnerability to persistently deny service to the ShowCenter web-based interface. Any subsequent request to the interface after the attack will result in a 'File or Folder not found' error message.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11232/info

The Pinnacle Systems ShowCenter web-based interface is reported prone to a remote denial of service vulnerability. 

The issue exists due to a lack of sanity checks performed on the Skin parameter of a ShowCenter script.

It is reported that the effect of this attack will be persistent: any request for the ShowCenter web-based interface received subsequent to an attack will result in a 'File or Folder not found' error message, as the interface fails to render.

A remote attacker may exploit this condition to persistently deny service to the ShowCenter web-based interface.

http://www.example.com:8000/ShowCenter/SettingsBase.php?Skin=ATK
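
With no patch listed, one defensive check is to watch for requests that set the Skin parameter to a name that is not an installed skin. The following is an added example, not part of the original advisory or of ShowCenter: it assumes request logs in Common Log Format (for instance from a proxy in front of the interface), and the skin names in `KNOWN_SKINS` and the sample log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: names of the skins actually installed (placeholders, not from the advisory).
KNOWN_SKINS = {"Default", "Classic"}
# Script named in the advisory; compared case-insensitively so case variants are not missed.
SETTINGS_PATH = "/showcenter/settingsbase.php"

# Common Log Format prefix: client ident user [timestamp] "METHOD target PROTOCOL"
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

def find_skin_changes(lines, known_skins=KNOWN_SKINS):
    """Return (client, timestamp, skin) for each request that sets an unknown skin."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request line we can parse
        client, when, _method, target = m.groups()
        url = urlsplit(target)
        if url.path.lower() != SETTINGS_PATH:
            continue
        # parse_qs percent-decodes values and keeps repeated parameters;
        # keep_blank_values=True so an empty "Skin=" is reported as well.
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != "skin":
                continue
            for value in values:
                if value not in known_skins:
                    findings.append((client, when, value))
    return findings

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /ShowCenter/SettingsBase.php?Skin=Default HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:05:12 +0000] "GET /ShowCenter/SettingsBase.php?Skin=ATK HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:05:40 +0000] "GET /ShowCenter/ HTTP/1.1" 404 120',
    '192.0.2.45 - - [01/Jan/2024:10:09:03 +0000] "GET /showcenter/settingsbase.php?skin=No%20Such%20Skin HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, when, skin in find_skin_changes(SAMPLE_LOG):
        print(f"{when} {client} set unknown skin {skin!r}")
```

Because the advisory describes the effect as persistent, the first flagged request before the interface starts returning 'File or Folder not found' is the one to investigate.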