CVE-2008-5810

2009-01-0218:00:00

mitre

www.cve.org

AI Score

7.8

Confidence

High

EPSS

0.012

Percentile

85.0%

JSON

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

References

bs2www.fujitsu-siemens.de/update/securitypatch.htm#english

secunia.com/advisories/33168

securityreason.com/securityalert/4856

www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt

www.securityfocus.com/archive/1/499417/100/0/threaded

www.securityfocus.com/bid/32927

www.securitytracker.com/id?1021475

www.vupen.com/english/advisories/2008/3462

exchange.xforce.ibmcloud.com/vulnerabilities/47495