webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.0 (including) | 4.0 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.1 (including) | 4.1 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.2 (including) | 4.2 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.10 (including) | 4.10 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.11 (including) | 4.11 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.12 (including) | 4.12 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.20 (including) | 4.20 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.21 (including) | 4.21 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.22 (including) | 4.22 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.30 (including) | 4.30 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.31 (including) | 4.31 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.32 (including) | 4.32 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 4.33 (including) | 4.33 (including) |
| Affordable_web_space_design_webbbs | Affordable_web_space_design | 5.0 (including) | 5.0 (including) |
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00232.html
- http://www.iss.net/security_center/static/9378.php
- http://www.securityfocus.com/bid/5048
- http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00232.html
- http://www.iss.net/security_center/static/9378.php
- http://www.securityfocus.com/bid/5048