VID 21735
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The WPS Web-Portal-System is vulnerable to command execution through the wps_shop.cgi script. WPS Web-Portal-System is a CMS widely used in Germany and Italy. WPS Web-Portal-System version 0.7.0 could allow a remote attacker to execute arbitrary system commands because user-supplied input passed to the art parameter of the wps_shop.cgi script is not properly validated. A remote attacker could inject shell metacharacters ('|' or ';') to execute arbitrary shell commands on the system with the privileges of the Web server process.

* References:
http://www.securityfocus.com/archive/1/405100
http://www.securiteam.com/unixfocus/5BP0Q00GBG.html

* Platforms Affected:
WPS Web-Portal-System version 0.7.0
Any operating system Any version
Recommendation No upgrade or patch available as of June 2014. Please use another product.
Related URL CVE-2005-2290 (CVE)
Related URL 14245 (SecurityFocus)
Related URL 21356 (ISS)
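
Because no patch is available, reviewing web server access logs for the pattern described above is one way to spot attempts against a host that still runs the script. The following is an added example, not part of the original entry or of the product: it flags requests to wps_shop.cgi whose decoded art value contains '|' or ';'. The log format (common/combined), the sample lines, the `ref` parameter and the `PLACEHOLDER` text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SCRIPT = "wps_shop.cgi"
METACHARS = ("|", ";")  # the shell metacharacters named in the description
# Request line as it appears in common/combined access log format (assumed).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_art_values(log_line):
    """Return decoded 'art' values that contain a metacharacter, else []."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/" + SCRIPT):
        return []
    hits = []
    # Split on '&' only, so a raw ';' stays inside the value; parse_qsl also
    # percent-decodes, so %7C and %3B are caught as well as literal | and ;.
    for name, value in parse_qsl(url.query, keep_blank_values=True,
                                 separator="&"):
        if name == "art" and any(c in value for c in METACHARS):
            hits.append(value)
    return hits

def scan(lines):
    """Return (line_number, art_value) for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_art_values(line)]

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2014:10:00:00 +0000] '
    '"GET /cgi-bin/wps_shop.cgi?art=shirt01 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2014:10:00:05 +0000] '
    '"GET /cgi-bin/wps_shop.cgi?art=shirt01%7CPLACEHOLDER HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jun/2014:10:00:09 +0000] '
    '"GET /cgi-bin/wps_shop.cgi?art=x%3BPLACEHOLDER&ref=1 HTTP/1.0" 200 90',
    '192.0.2.11 - - [01/Jun/2014:10:01:00 +0000] '
    '"GET /index.html?art=a|b HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious art value {value!r}")
```

Values submitted in a POST body do not appear in the access log, so this check covers query-string requests only.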