Remote Command Execution Vulnerability in J-OWAMP Web Interface by J-OWAMP
CVE-2006-6454

Currently unrated

Key Information:

Vendor: J-owamp
Status: Web Interface
Vendor: CVE Published:; 10 December 2006

What is CVE-2006-6454?

The J-OWAMP Web Interface, specifically in versions 2.1b and earlier, contains a vulnerability in the execInBackground.php script. This flaw permits remote attackers to execute arbitrary commands on the server by manipulating the exe and args parameters with shell metacharacters. This execution occurs through an unsafe call to the system's exec function, potentially compromising the integrity and security of the affected system. Users are advised to assess their installations and immediately apply any available patches to mitigate the risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30781

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2006/4905

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2006
Vulnerability Reserved
Dec 10, 2006

CVE-2006-6454 Data

JSON

J-owamp

What is CVE-2006-6454?

References

Timeline