Fundanemt SpellCheck.PHP Remote Command Execution Vulnerability
BID:24185
Info
| Bugtraq ID: | 24185 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2935 |
| Remote: | Yes |
| Local: | No |
| Published: | May 28 2007 12:00AM |
| Updated: | Apr 16 2015 06:14PM |
| Credit: | Kacper is credited with discovering this vulnerability. |
| Vulnerable: | Fundanemt Fundanemt 2.2 |
| Not Vulnerable: | Fundanemt Fundanemt 2.2.0.1 |
Discussion
Fundanemt is prone to a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary system commands with the privileges of the webserver process.
This issue affects Fundanemt 2.2.0 and prior versions.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
References:
- Fundanemt 2.2.0.1 security release (Fundanemt)
- Fundanemt Homepage (Fundanemt)