PT-2014-3588 · Xangati · Xangati Xnr+1

Jan Kadijk

Published

2014-04-15

Updated

2014-04-15

CVE-2014-0359

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Xangati XSR versions prior to 11 Xangati XNR versions prior to 7

Description The issue allows remote attackers to execute arbitrary commands. This is achieved by using shell metacharacters in a gui input test.pl params parameter to the "servlet/Installer" endpoint.

Recommendations For Xangati XSR versions prior to 11, update to version 11 or later. For Xangati XNR versions prior to 7, update to version 7 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2014-0359

Affected Products

Xangati Xnr

Xangati Xsr

PT-2014-3588 · Xangati · Xangati Xnr+1

CVE-2014-0359

Weakness Enumeration

Related Identifiers

Affected Products

References · 2