TDiary Unspecified Remote Code Execution Vulnerability
BID:21811
Info
| Bugtraq ID: | 21811 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2006 12:00AM |
| Updated: | Jan 04 2007 06:27PM |
| Credit: | Takagi Hiroshi reported this vulnerability. |
| Vulnerable: | tDiary tDiary 2.0.3, tDiary tDiary 2.0.2, tDiary tDiary 2.0.1 |
| Not Vulnerable: | tDiary tDiary 2.0.4 |
Discussion
tDiary is prone to an unspecified remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary Ruby code on an affected computer with the privileges of the webserver.
Versions prior to 2.0.4 are vulnerable to this issue.
Exploit / POC
An attacker can exploit this issue through a web client.
Solution / Fix
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References
References:
- tDiary Homepage (tDiary)
- tDiary Security Advisory (tDiary)