Sysinfo Multiple Input Validation Vulnerabilities

Sysinfo is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities to execute arbitrary shell commands in the context of the webserver process. This may help attackers compromise the underlying system; other attacks are also possible. Remote attackers may also obtain the installation path.

Sysinfo 1.21 is reported vulnerable. Other versions may be affected as well.


Privacy Statement
Copyright 2010, SecurityFocus