3 matches found
Immunity Canvas: SMARTPUB_EXEC
Name| smartpubexec ---|--- CVE| CVE-2008-0503 Exploit Pack| CANVAS Description| Smart Publisher 1.0.1 exec Notes| CVE Name: CVE-2008-0503 VENDOR: Smart Publisher Notes: Try using nc -e /bin/sh as your command and having a nc -vlp Repeatability: Infinite References:...
CVE-2008-0503
CVE-2008-0503 affects Netwerk Smart Publisher 1.0.1. An eval() failure in admin/op/disp.php allows remote attackers to execute arbitrary PHP code via the filedata parameter, enabling unauthenticated, network-vector exploitation. CVSS 2.0 base score 6.8 ("NETWORK" attack vector, "MEDIUM" complexit...
Smart Publisher index.php filedata Parameter Arbitrary Command Execution
The remote host is running Smart Publisher, an open source application for website publishing. The version of Smart Publisher on the remote host fails to sanitize input to the 'filedata' parameter of the 'index.php' script before using it in an 'eval' statement in the 'admin/op/disp.php' script t...