Deserialization of untrusted data

2008-11-0100:00:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.

CPENameOperatorVersion
spboardeq4.5

CPE	Name	Operator	Version
	spboard	eq	4.5

References

secunia.com/advisories/32459

securityreason.com/securityalert/4534

www.securityfocus.com/bid/31972

exchange.xforce.ibmcloud.com/vulnerabilities/46192

www.exploit-db.com/exploits/6864