VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' Remote Command Execution Vulnerability

Bugtraq ID:	69225
Class:	Input Validation Error
CVE:	CVE-2014-5073
Remote:	Yes
Local:	No
Published:	Aug 14 2014 12:00AM
Updated:	Aug 14 2014 12:00AM
Credit:	Emilio Pinna
Vulnerable:
Not Vulnerable:

VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' Remote Command Execution Vulnerability

VMTurbo Operations Manager is prone to a remote command-execution vulnerability.

An attacker may leverage this issue to execute arbitrary OS commands in the context of the affected application.

VMTurbo Operations Manager 4.6 and prior are vulnerable.

VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' Remote Command Execution Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/69225.rb

VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' Remote Command Execution Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' Remote Command Execution Vulnerability

References: