Description
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
Remediation
References
Related Vulnerabilities
WordPress Plugin CevherShare 'cevhershare-admin.php' SQL Injection (2.0)
WordPress Plugin Download Plugins and Themes from Dashboard Cross-Site Scripting (1.5.0)
Django Improper Input Validation Vulnerability (CVE-2011-4139)
MongoDb Improper Input Validation Vulnerability (CVE-2013-1892)
WordPress Plugin Activity Log Multiple Cross-Site Scripting Vulnerabilities (2.3.2)