Summary
This host is installed with GestioIP and is prone to remote command injection vulnerability.
Impact
Successful exploitation will allow remote attackers to inject and execute arbitrary shell commands.
Impact Level: Application/System
Solution
Upgrade to version 3.1 or later,
For updates refer to www.gestioip.net
Insight
An error exists in ip_checkhost.cgi script which fails to properly sanitize user-supplied input to 'ip' parameter before using it
Affected
GestioIP version 3.0, Other versions may also be affected.
Detection
Send a crafted exploit string via HTTP GET request and create a file.
Exploit works only when GestioIP is installed with default credentials
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- 68designs 68kb Multiple Remote File Include Vulnerabilities
- ArticleFR CMS Multiple Vulnerabilities - Jan15
- Arkeia Appliance Path Traversal Vulnerability