Wordtrans-web Remote Arbitrary Shell Command Injection Vulnerability
BID:30027
Info
| Bugtraq ID: | 30027 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 01 2008 12:00AM |
| Updated: | Jul 03 2008 04:40PM |
| Credit: | Filipe Balestra and Rodrigo Rubira Branco |
| Vulnerable: | Wordtrans Wordtrans-web 1.1pre15 |
| Not Vulnerable: | |
Discussion
Wordtrans-web is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Attackers can exploit this issue to execute arbitrary shell commands in the context of the webserver hosting the vulnerable application. This may facilitate the remote compromise of affected computers.
This issue affects Wordtrans-web 1.1.pre15; previous versions may also be vulnerable.
Exploit / POC
An attacker can use a browser to exploit this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- [SCANIT-2008-002] Wordtrans-web Remote Command Execution Vulnerability (Scanit Labs)
- [SCANIT-2008-003] Wordtrans-web Remote Command Execution Vulnerability (Scanit Labs)
- SCANIT-2008-002 - Wordtrans-web Remote Command Execution Vulnerability (Filipe Balestra and Rodrigo Rubira Branco)
- SCANIT-2008-003 - Wordtrans-web Remote Command Execution Vulnerability (2) (Filipe Balestra and Rodrigo Rubira Branco)