VID 21922
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The BDPDT application is affected by an arbitrary code execution vulnerability in the 'cmd.aspx' script. BDPDT stands for ByDesign Portal Developer Toolkit and contains a suite of modules, controls and interfaces to ease the development of DNN (DotNetNuke) portable modules. A remote attacker could execute arbitrary commands on the affected host, either directly through the 'cmd.aspx' script or indirectly by uploading malicious files with the 'UploadFilePopUp.aspx' script.

* References:
http://forums.asp.net/thread/1276672.aspx
http://blogs.wwwcoder.com/psantry/archive/2006/05/03/23851.aspx

* Platforms Affected:
ByDesignWebSights BDPDT Any version
Microsoft Windows Any version
Recommendation No upgrade or patch available as of June 2014. Please contact your vendor for upgrade information.

Upgrade to the latest version of BDPDT when a fixed version becomes available from the ByDesignWebSights Web site at http://www.dnn-modules.com/