PT-2001-2587 · Mountain Network Systems · Webcart
Publicado
2001-12-31
·
Atualizado
2017-07-11
·
CVE-2001-1502
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mountain Network Systems WebCart version 8.4
Description
The issue allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters in the
NEXTPAGE parameter of the webcart.cgi endpoint.Recommendations
For Mountain Network Systems WebCart version 8.4, consider restricting access to the webcart.cgi endpoint until a patch is available, and avoid using the
NEXTPAGE parameter with untrusted input.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Webcart