Marcus Xenakis manual.php Execute Arbitrary Commands

2002-08-24T00:00:00
ID OSVDB:3409
Type osvdb
Reporter OSVDB
Modified 2002-08-24T00:00:00

Description

Vulnerability Description

Marcus S. Xenakis' manual.php script allows remote attackers to execute arbitrary commands. The issue is due to the script not properly sanitizing input. This allows an attacker to view the contents of arbitrary directories, or execute arbitrary commands.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Marcus S. Xenakis' manual.php script allows remote attackers to execute arbitrary commands. The issue is due to the script not properly sanitizing input. This allows an attacker to view the contents of arbitrary directories, or execute arbitrary commands.

References:

ISS X-Force ID: 7719 Generic Informational URL: http://www.securiteam.com/unixfocus/6K00B2A3FG.html CVE-2001-1214 CERT VU: 672419 Bugtraq ID: 3718