Nikki HP no Mawashimono Unspecified Command Injection Vulnerability
BID:50752
Info
| Bugtraq ID: | 50752 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-4002 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 21 2011 12:00AM |
| Updated: | Nov 21 2011 12:00AM |
| Credit: | Masako Ohno |
| Vulnerable: | HP no Mawashimono Nikki 6.6, HP no Mawashimono Nikki 6.54, HP no Mawashimono Nikki 6.51, HP no Mawashimono Nikki 6.5 |
| Not Vulnerable: | HP no Mawashimono Nikki 6.61 |
Discussion
Nikki is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary commands in the context of the webserver process. Successful exploits could compromise the application and possibly the underlying system.
Nikki 6.6 and prior versions are vulnerable.
Exploit / POC
An attacker with local, interactive access to a vulnerable computer can use readily available commands to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Nikki Homepage (HP no Mawashimono)
- JVN#48839888 Nikki vulnerable to OS command injection (Masako Ohno)