Summary
This host is running ActualAnalyzer Lite and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code on the affected system.
Impact Level: Application
Solution
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available.
For updates refer to http://www.actualscripts.com/products/analyzer/lite
Insight
The flaw exists because the 'ant' cookie parameter is not properly sanitized upon submission to the /aa.php script.
Affected
ActualAnalyzer Lite version 2.81 and probably prior.
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is able to execute code remotely.
References
Updated on 2017-03-28
Severity
Classification
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- b2ePMS Multiple SQL Injection Vulnerabilities
- AVTECH DVR Multiple Vulnerabilities
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- Avenger's News System Command Execution
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution