2 matches found
CVE-2006-1831
CVE-2006-1831 : Direct static code injection in Sysinfo’s web interface. Sysinfo.cgi in sysinfo 1.21 and potentially versions before 2.25 allows remote command execution via a leading semicolon in the name parameter of a systemdoc action, which is injected into phpinfo.php. Affected: Sysinfo web-...
Sysinfo name Parameter Arbitrary Code Execution
The remote host is running Sysinfo, a web-based system monitor. The version of Sysinfo installed on the remote host fails to sanitize user-supplied input to the 'name' parameter before passing it to a shell for execution. An unauthenticated attacker may be able to exploit this issue to execute...