Dispair 0.1/0.2 - Remote Command Execution Vulnerability

2014-07-01T00:00:00
ID SSV:75502
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/5392/info

Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open() function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the underlying shell with the privileges of the webserver process.

http://target/cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id