Clipperz Password Manager 'objectname' Remote Code Execution Vulnerability Network Vulnerability

Summary

This host is running Clipperz Password Manager and is prone to remote code execution vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary php code. Impact Level: Application

Solution

No solution or patch is available as of 30th January, 2015. Information regarding this issue will updated once the solution details are available. For updates refer, https://clipperz.is/

Insight

The error exists as input passed via the 'objectname' parameter is not properly sanitized upon submission to the /backend/php/src/setup/rpc.php script

Affected

Clipperz Password Manager.

Detection

Send the crafted HTTP GET request and check is it possible to execute an arbitrary php code.

References

http://packetstormsecurity.com/files/126713
http://www.osvdb.com/107137

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat AJP Protocol Security Bypass Vulnerability
A-Blog 'sources/search.php' SQL Injection Vulnerability
Baby Gekko CMS Multiple Vulnerabilities
AVTECH DVR Multiple Vulnerabilities
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities

Take action and discover your vulnerabilities