Description

The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.

Remediation

References

CVE-2005-1966

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10405)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2853)

WordPress Plugin YITH WooCommerce Product Add-Ons Security Bypass (1.5.21)

Apache HTTP Server Missing Authorization Vulnerability (CVE-2020-13938)

WordPress Plugin Comment Rating 'id' Parameter SQL Injection (2.9.23)

Severity

High

Classification

CVE-2005-1966

Tags

Missing Update Known Vulnerabilities