WebNote Clip vulnerable to OS command injection


WebNote Clip is CGI software to create bulletin boards, calendars, reports, and diaries. WebNote Clip contains an OS command injection vulnerability as it does not validate inputs properly.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products

Friendly Lab
  • WebNote Clip 4.1.7 and earlier


An attacker could execute an arbitrary OS command on the server with WebNote Clip installed.

Vendor Information

Friendly Lab
CWE (What is CWE?)

CVE (What is CVE?)


  1. JVN : JVN#87830692
Revision History

  • [2008/05/21]
      Web page published