webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.
References
Link | Resource |
---|---|
http://osvdb.org/80344 | |
http://secunia.com/advisories/48452 | |
http://www.kb.cert.org/vuls/id/364363 | Patch US Government Resource |
http://www.securitytracker.com/id?1026825 | |
http://osvdb.org/80344 | |
http://secunia.com/advisories/48452 | |
http://www.kb.cert.org/vuls/id/364363 | Patch US Government Resource |
http://www.securitytracker.com/id?1026825 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/80344 - | |
References | () http://secunia.com/advisories/48452 - | |
References | () http://www.kb.cert.org/vuls/id/364363 - Patch, US Government Resource | |
References | () http://www.securitytracker.com/id?1026825 - |
Information
Published : 2012-03-20 18:55
Updated : 2024-11-21 01:37
NVD link : CVE-2012-1795
Mitre link : CVE-2012-1795
CVE.ORG link : CVE-2012-1795
JSON object : View
Products Affected
webglimpse
- webglimpse
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')