Censtore Remote Arbitrary Command Execution Vulnerability
BID:17515
Info
| Bugtraq ID: | 17515 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2006 12:00AM |
| Updated: | Apr 13 2006 11:32PM |
| Credit: | FOX_MULDER is credited with the discovery of this vulnerability. |
| Vulnerable: | Censtore Censtore 0 |
| Not Vulnerable: | |
Discussion
Censtore is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the user running the webserver process. This may help attackers compromise the underlying system; other attacks are also possible.
Exploit / POC
This issue can be exploited through a web client.
The following proof-of-concept exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]