CVE-2007-3572
Published: Jul 5, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| 25902 | third-party-advisory | x_refsource_SECUNIA |
| yoggie-rundiagnostics-command-execution(35208) | vdb-entry | x_refsource_XF |
| 20070702 Yoggie Pico Pro Remote Code Execution | mailing-list | x_refsource_FULLDISC |
| 20070705 Re: Yoggie Pico Pro Remote Code Execution | mailing-list | x_refsource_FULLDISC |
| ADV-2007-2417 | vdb-entry | x_refsource_VUPEN |
| 24743 | vdb-entry | x_refsource_BID |
| 37808 | vdb-entry | x_refsource_OSVDB |