vendor:
Webfroot Shoutbox
by:
Unknown
9
CVSS
CRITICAL
Remote Code Execution
78
CWE
Product Name: Webfroot Shoutbox
Affected Version From: Webfroot Shoutbox < 2.32
Affected Version To: Webfroot Shoutbox 2.32
Patch Exists: NO
Related CWE: CVE-XXXX-XXXX
CPE: a:webfroot:shoutbox:2.32
Platforms Tested:
Webfroot Shoutbox < 2.32 on apache exploit
This exploit allows an attacker to execute arbitrary commands on a remote server running Webfroot Shoutbox version 2.32 or below. The exploit sends a specially crafted GET request to the shoutbox.php file, which allows the attacker to execute commands on the server.
Mitigation:
Upgrade to a patched version of Webfroot Shoutbox or remove the vulnerable component from the server.