[eVuln] MyQuiz Arbitrary Command Execution Vulnerability Feb 03 2006 10:48PM
alex evuln com
New eVuln Advisory:
MyQuiz Arbitrary Command Execution Vulnerability


Software: MyQuiz
Sowtware's Web Site: http://www.corantodemo.net/
Versions: 1.01
Critical Level: Dangerous
Type: Command Execution
Class: Remote
Status: Unpatched. Developer(s) contacted.
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
eVuln ID: EV0057

Vulnerable Script: myquiz.pl

Variable $ENV{'PATH_INFO'} isn't properly sanitized. This can be used to execute arbitrary commands.

System access is possible.

Available at: http://evuln.com/vulns/57/exploit.html

No Patch available.

Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus