Back to search
CVE-2008-5810
Published: Jan 2, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english
x_refsource_CONFIRM
webtransactions-wbpublish-command-injection(47495)
vdb-entry
x_refsource_XF
1021475
vdb-entry
x_refsource_SECTRACK
4856
third-party-advisory
x_refsource_SREASON
ADV-2008-3462
vdb-entry
x_refsource_VUPEN
32927
vdb-entry
x_refsource_BID
20081219 SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactionsremote command injection vulnerability
mailing-list
x_refsource_BUGTRAQ
33168
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now