[Japanese]

JVNDB-2005-000801

WebNote Clip vulnerable to OS command injection

Overview

WebNote Clip is CGI software to create bulletin boards, calendars, reports, and diaries. WebNote Clip contains an OS command injection vulnerability as it does not validate inputs properly.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Friendly Lab
  • WebNote Clip 4.1.7 and earlier

Impact

An attacker could execute an arbitrary OS command on the server with WebNote Clip installed.
Solution

Vendor Information

Friendly Lab
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#87830692
Revision History

  • [2008/05/21]
      Web page published