vendor: Logbook
by: SecurityFocus
CVSS: 7.5 HIGH
Remote Command Execution
CWE: 78
Product Name: Logbook
Affected Version From: 0.98b3
Affected Version To: 0.98b3
Patch Exists: YES
Related CWE: N/A
CPE: a:wordit:logbook
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Wordit Logbook Remote Command Execution Vulnerability

A remote command execution vulnerability has been discovered in the Wordit Logbook application. This issue occurs due to insufficient sanitization of externally supplied data to the 'logbook.pl' script. A remote attacker may exploit this condition to gain local, interactive access to the underlying host.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7043/info

This vulnerability was reported to affect Wordit Logbook version 0.98b3; previous versions may also be affected.

www.example.com/logbook.pl?file=../../../../../../../bin/cat%20logbook.pl%00|
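An added example, not part of the original advisory or of Wordit's code: one way to apply the input validation named under Mitigation to a `file` parameter like the one in the request above, written in Perl because logbook.pl is a Perl script. The data directory, the function names and the accepted name pattern are assumptions; the page does not show how logbook.pl handles the parameter.

```perl
#!/usr/bin/perl
# Added example: allowlist validation for a CGI "file" parameter.
# $LOG_DIR, safe_log_path(), read_log() and the name pattern are hypothetical.
use strict;
use warnings;
use File::Spec;

my $LOG_DIR = '/var/www/logbook/data';    # assumed data directory

# Return a path inside $LOG_DIR, or nothing if the name is rejected.
sub safe_log_path {
    my ($name) = @_;
    return unless defined $name;

    # Allowlist: a bare file name only. One check rejects '/', '..',
    # NUL bytes, spaces and shell metacharacters such as '|'.
    # \z (not $) so a trailing newline cannot slip through.
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64}(?:\.[A-Za-z0-9]{1,8})?)\z/;

    # $1 is the untainted capture, so this also works under perl -T.
    return File::Spec->catfile($LOG_DIR, $1);
}

# Read a validated file. Three-argument open with an explicit '<' mode
# treats the path purely as a file name, never as a command.
sub read_log {
    my ($name) = @_;
    my $path = safe_log_path($name);
    return unless defined $path;
    open(my $fh, '<', $path) or return;
    local $/;    # slurp mode
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed inputs: the decoded parameter from this page's request,
# and an ordinary file name.
for my $in ("../../../../../../../bin/cat logbook.pl\0|", "entries.txt") {
    (my $shown = $in) =~ s/\0/\\0/g;
    printf "%-46s %s\n", $shown,
        defined(safe_log_path($in)) ? "accepted" : "rejected";
}
```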