CVE-2008-7158

Name of the Vulnerable Software and Affected Versions Numara FootPrints versions 7.5a through 7.5a1 Numara FootPrints versions 8.0 through 8.0a

Description The issue allows remote attackers to execute arbitrary commands. This can be achieved by using shell metacharacters in the transcriptFile parameter to the "MRcgi/MRchat.pl" endpoint or the LOADFILE parameter to the "MRcgi/MRABLoad2.pl" endpoint.

Recommendations For Numara FootPrints versions 7.5a through 7.5a1, consider disabling access to the MRcgi/MRchat.pl and MRcgi/MRABLoad2.pl endpoints until a fix is available. For Numara FootPrints versions 8.0 through 8.0a, restrict the use of the transcriptFile and LOADFILE parameters in the affected endpoints to minimize the risk of exploitation.