Clipperz Password Manager 'objectname' Remote Code Execution Vulnerability Network Vulnerability

Summary

This host is running Clipperz Password Manager and is prone to remote code execution vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary php code. Impact Level: Application

Solution

No solution or patch is available as of 30th January, 2015. Information regarding this issue will updated once the solution details are available. For updates refer, https://clipperz.is/

Insight

The error exists as input passed via the 'objectname' parameter is not properly sanitized upon submission to the /backend/php/src/setup/rpc.php script

Affected

Clipperz Password Manager.

Detection

Send the crafted HTTP GET request and check is it possible to execute an arbitrary php code.

References

http://packetstormsecurity.com/files/126713
http://www.osvdb.com/107137

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
Adobe ColdFusion Authentication Bypass Vulnerability
Alchemy Eye HTTP Command Execution
ATutor < 1.5.1-pl1 Multiple Flaws
AdMentor Login Flaw

Take action and discover your vulnerabilities