Описание
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.
Комментарий
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Sanitization of Special Elements used in a Command ('Command Injection')"
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:datev:base_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06297
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.
EPSS
Процентиль: 91%
0.06297
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other