Menu Manager Module System Command Remote Command Execution Vulnerability

TITLE: Menu Manager Module System Command Remote Command Execution Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 18 2007 05:19PM
CREDIT: web-app@hotmail.com is credited with discovering this vulnerability.
VULNERABLE:

WebAPP WebAPP 0.9.9 .3.2
WebAPP WebAPP 0.9.9 .2.1
WebAPP WebAPP 0.9.9 .2
WebAPP WebAPP 0.9.9
WebAPP WebAPP 0.9.9.5
WebAPP WebAPP 0.9.9.4
2xInt Menu Manager Module 1.5
NOT VULNERABLE:
WebAPP WebAPP 0.9.9 6

Go to the original page on Security Focus

Discussion

The Menu Manager module for WebAPP is prone to a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary system commands within the context of the affected webserver.

This issue affects Menu Manager Module 1.5 running on WebAPP prior to 0.9.9.7.

Exploit

Attackers can use a browser to exploit this issue.

Solution

The vendor released an update to address this issue. Please see the references for more information.

References
