- Description
- astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:astrocam:astrocam:0.9-1-1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F3AA8DC-D1E9-49FD-B76C-CAB5057C3CE0"
},
{
"criteria": "cpe:2.3:a:astrocam:astrocam:0.9-5-1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84B47FFC-F749-45A2-A078-A0A59BF1D062"
},
{
"criteria": "cpe:2.3:a:astrocam:astrocam:0.9-7-3:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D93A4872-716C-48DA-BBA9-51B6B1A47EFF"
},
{
"criteria": "cpe:2.3:a:astrocam:astrocam:1.0.1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC9129CE-04C3-4E0A-B33F-2D09A6960092"
},
{
"criteria": "cpe:2.3:a:astrocam:astrocam:1.4:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CACAA884-D48E-4F68-A768-17EC528E579B"
}
],
"operator": "OR"
}
]
}
]