OSVDB ID: 80344

Title: WebGlimpse webglimpse.cgi query Parameter Shell Metacharacter Arbitrary Command Execution

Info

Disclosure

Mar 20, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

WebGlimpse contains a flaw related to the webglimpse.cgi script failing to properly sanitize input passed via shell metacharacters in the query parameter. This may allow a remote attacker to execute arbitrary shell commands.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Discovered in the Wild
OSVDB: Web Related

Solution

Upgrade to version 2.20.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Internet WorkShop

WebGlimpse

2.18.8

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/80344