innoEDIT 'innoedit.cgi'远程命令执行漏洞

Bugtraq ID:66367 innoEDIT是一款基于WEB的应用。 innoEDIT 'innoedit.cgi'不正确处理提交给'download'参数的数据，允许远程攻击者利用漏洞提交特殊shell元字符，可以WEB权限执行任意命令。 0 innoEDIT 6.2 目前没有详细解决方案提供： http://www.inno.com.mx/innoedit.htm http://www.mtyjet.com/innoedit/innoedit.cgi?download=;id|...

innoEDIT - 'innoedit.cgi' Remote Command Execution

source: https://www.securityfocus.com/bid/66367/info innoEDIT is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary commands in the context of the affected...