9 lines
No EOL
610 B
Text
9 lines
No EOL
610 B
Text
source: http://www.securityfocus.com/bid/25694/info
|
|
|
|
Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data.
|
|
|
|
Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromise of the application and underlying webserver; other attacks are also possible.
|
|
|
|
Alcatel-Lucent OmniPCX Enterprise R7.1 and prior versions are vulnerable to this issue.
|
|
|
|
curl -k "https://www.example.com/cgi-bin/masterCGI?ping=nomip&user=;ls\${IFS}-l;" |