Summary
This host is installed with GestioIP and is prone to remote command injection vulnerability.
Impact
Successful exploitation will allow remote attackers to inject and execute arbitrary shell commands.
Impact Level: Application/System
Solution
Upgrade to version 3.1 or later,
For updates refer to www.gestioip.net
Insight
An error exists in ip_checkhost.cgi script which fails to properly sanitize user-supplied input to 'ip' parameter before using it
Affected
GestioIP version 3.0, Other versions may also be affected.
Detection
Send a crafted exploit string via HTTP GET request and create a file.
Exploit works only when GestioIP is installed with default credentials
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Athena Web Registration remote command execution flaw
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- Avenger's News System Command Execution
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability