QwikSec

Security Database

CVE

CWE

Training

CVE-2007-1136

Published: Feb 27, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://sourceforge.net/project/shownotes.php?release_id=486880&group_id=172354

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

20070227 WebMplayer "eval injection" is actually OS command injection

mailing-list

x_refsource_VIM

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.