PT-2009-2627 · Numara · Numara Footprints

Published

2009-09-02

Updated

2017-08-17

CVE-2008-7158

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Numara FootPrints versions 7.5a through 7.5a1 Numara FootPrints versions 8.0 through 8.0a

Description The issue allows remote attackers to execute arbitrary commands. This can be achieved by using shell metacharacters in the transcriptFile parameter to the "MRcgi/MRchat.pl" endpoint or the LOADFILE parameter to the "MRcgi/MRABLoad2.pl" endpoint.

Recommendations For Numara FootPrints versions 7.5a through 7.5a1, consider disabling access to the MRcgi/MRchat.pl and MRcgi/MRABLoad2.pl endpoints until a fix is available. For Numara FootPrints versions 8.0 through 8.0a, restrict the use of the transcriptFile and LOADFILE parameters in the affected endpoints to minimize the risk of exploitation.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2008-7158

Affected Products

Numara Footprints

PT-2009-2627 · Numara · Numara Footprints

CVE-2008-7158

Weakness Enumeration

Related Identifiers

Affected Products

References · 7