CVE-2008-5810
Published Jan 2, 2009
Last updated 6 years ago
Overview
- Description
- WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- -
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fujitsu-siemens:webtransactions:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8A90885-F8E8-4628-8E6B-F5285D61C4C1"
},
{
"criteria": "cpe:2.3:a:fujitsu-siemens:webtransactions:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C51DF200-6C78-4DEC-8D33-CFEA8FD42CAF"
}
],
"operator": "OR"
}
]
}
]