CVE-2007-3572

Name of the Vulnerable Software and Affected Versions Yoggie Pico and Pico Pro (affected versions not specified)

Description The issue is related to an incomplete blacklist vulnerability in the cgi-bin/runDiagnostics.cgi file within the web interface. This allows remote attackers to execute arbitrary commands by injecting shell metacharacters in the param parameter. An example of such an attack involves using URL encoded "`" (backtick) characters, represented as %60 sequences.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.