Security Advisory

CVE-2006-1831

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-04-19 16:00:00

Last updated 2024-08-07 17:27:28

Assigner mitre

State PUBLISHED

Description

Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php.

← Browse all CVEs View on cve.org ↗