Lucene search

Veracode Vulnerability DatabaseVERACODE:23312

HistoryApr 10, 2020 - 12:22 a.m.

Arbitrary Command Execution

2020-04-1000:22:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

php is vulnerable to arbitrary command execution. The vulnerability exists as it was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue.

CPENameOperatorVersion
postgresqlclient81eq8.1.9__1.el5s2
perl-dbd-mysqleq4.004__1.el5s2
mysql-connector-odbceq3.51.15r409__1.el5s2
mysql-jdbceq5.0.5__1jpp.1.el5s2
unixodbceq2.2.11__10.el5
unixodbceq2.2.12__1.el5s2
postgresql-jdbceq8.2.505__1jpp.el5s2
postgresqleq8.1.9__1.el5
postgresqleq8.2.4__6.el5s2
postgresqleq8.2.6__1.el5s2

Name	Operator	Version
postgresqlclient81	eq	8.1.9__1.el5s2
perl-dbd-mysql	eq	4.004__1.el5s2
mysql-connector-odbc	eq	3.51.15r409__1.el5s2
mysql-jdbc	eq	5.0.5__1jpp.1.el5s2
unixodbc	eq	2.2.11__10.el5
unixodbc	eq	2.2.12__1.el5s2
postgresql-jdbc	eq	8.2.505__1jpp.el5s2
postgresql	eq	8.1.9__1.el5
postgresql	eq	8.2.4__6.el5s2
postgresql	eq	8.2.6__1.el5s2

Rows per page:

1-10 of 741

References

lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

secunia.com/advisories/30048

secunia.com/advisories/30083

secunia.com/advisories/30158

secunia.com/advisories/30288

secunia.com/advisories/30345

secunia.com/advisories/30411

secunia.com/advisories/30757

secunia.com/advisories/30828

secunia.com/advisories/30967

secunia.com/advisories/31119

secunia.com/advisories/31124

secunia.com/advisories/31200

secunia.com/advisories/31326

secunia.com/advisories/32746

security.gentoo.org/glsa/glsa-200811-05.xml

wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

wiki.rpath.com/wiki/Advisories:rPSA-2008-0178

www.debian.org/security/2008/dsa-1572

www.debian.org/security/2008/dsa-1578

www.mandriva.com/security/advisories?name=MDVSA-2008:125

www.mandriva.com/security/advisories?name=MDVSA-2008:126

www.mandriva.com/security/advisories?name=MDVSA-2008:127

www.mandriva.com/security/advisories?name=MDVSA-2008:128

www.openwall.com/lists/oss-security/2008/05/02/2

www.php.net/ChangeLog-5.php

www.redhat.com/docs/en-US/Red_Hat_Application_Stack/2.1/html-single/Release_Notes/

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2008-0505.html

www.redhat.com/support/errata/RHSA-2008-0544.html

www.redhat.com/support/errata/RHSA-2008-0545.html

www.redhat.com/support/errata/RHSA-2008-0546.html

www.redhat.com/support/errata/RHSA-2008-0582.html

www.securityfocus.com/archive/1/492535/100/0/threaded

www.securityfocus.com/archive/1/492671/100/0/threaded

www.securityfocus.com/bid/29009

www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951

www.ubuntu.com/usn/usn-628-1

www.vupen.com/english/advisories/2008/1412

www.vupen.com/english/advisories/2008/2268

access.redhat.com/errata/RHSA-2008:0505

issues.rpath.com/browse/RPL-2503

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256

www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:23312