CVE-2015-5190

Опубликовано: 01 сент. 2015

Источник: redhat

CVSS2: 9.3

Описание

The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.

A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-77

https://bugzilla.redhat.com/show_bug.cgi?id=1252813pcs: Command injection with root privileges.

9.3 Critical

CVSS2

Связанные уязвимости

CVE-2015-5190

nvd

больше 10 лет назад

The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.

CVE-2015-5190

debian

больше 10 лет назад

The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated ...

GHSA-cr7h-75cf-wm8x

github

больше 3 лет назад

The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.

9.3 Critical

CVSS2