The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Webapp | Web-app.net | 0.9.9.3.3 (including) | 0.9.9.3.3 (including) |
| Webapp | Web-app.net | 0.9.9.3.4 (including) | 0.9.9.3.4 (including) |
| Webapp | Web-app.net | 0.9.9.4 (including) | 0.9.9.4 (including) |
| Webapp | Web-app.net | 0.9.9.5 (including) | 0.9.9.5 (including) |
| Webapp | Web-app.net | 0.9.9.6 (including) | 0.9.9.6 (including) |
| Webapp | Web-app.net | 0.9.9.7 (including) | 0.9.9.7 (including) |
| Webapp | Web-app.net | 0.9.9.8 (including) | 0.9.9.8 (including) |
| Webapp | Web-app.org | * | * |
References
- http://www.attrition.org/pipermail/vim/2007-June/001686.html
- http://www.securityfocus.com/archive/1/471213/100/0/threaded
- http://www.securityfocus.com/archive/1/471638/100/100/threaded
- http://www.securityfocus.com/bid/24453
- http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo\u0026cat=security\u0026id=3
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34845
- http://www.attrition.org/pipermail/vim/2007-June/001686.html
- http://www.securityfocus.com/archive/1/471213/100/0/threaded
- http://www.securityfocus.com/archive/1/471638/100/100/threaded
- http://www.securityfocus.com/bid/24453
- http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo\u0026cat=security\u0026id=3
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34845