JVN#05559185: MilkyStep vulnerable to OS command injection

2015-06-09T00:00:00
ID JVN:05559185
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-06-09T00:00:00

Description

## Description

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability (CWE-78).

## Impact

An arbitrary OS command may be executed by an attacker.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • MilkyStep Light Ver0.94 and earlier
  • MilkyStep Professional Ver1.82 and earlier
  • MilkyStep Professional OEM Ver1.82 and earlier