Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading / (slash) characters and .. sequences.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pico_server | Pico_server | 3.0 | 3.0 |
Pico_server | Pico_server | 3.0_beta_3 | 3.0_beta_3 |
Pico_server | Pico_server | 3.1 | 3.1 |
Pico_server | Pico_server | 3.2 | 3.2 |