iWare Professional Remote Code Execution Vulnerability
BID:20947
Info
iWare Professional Remote Code Execution Vulnerability
| Bugtraq ID: | 20947 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2006 12:00AM |
| Updated: | Nov 08 2006 06:41PM |
| Credit: | nuffsaid <nuffsaid[at]newbslove.us> discovered this issue. |
| Vulnerable: |
iWare iWare Professional 5.0.4 |
| Not Vulnerable: | |
Discussion
iWare Professional Remote Code Execution Vulnerability
iWare Professional CMS is prone to an arbitrary code-execution vulnerability.
An attacker may leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
iWare Professional CMS is prone to an arbitrary code-execution vulnerability.
An attacker may leverage this issue to execute arbitrary PHP code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Exploit / POC
iWare Professional Remote Code Execution Vulnerability
An exploit is not required.
The following proof of concept is available:
http://www.example.com/[path]/admin/mods/simplechat_1.0.0/chat_panel.php?talk=1&msg=[evilcode]
An exploit is not required.
The following proof of concept is available:
http://www.example.com/[path]/admin/mods/simplechat_1.0.0/chat_panel.php?talk=1&msg=[evilcode]
Solution / Fix
iWare Professional Remote Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
iWare Professional Remote Code Execution Vulnerability
References:
References: