CVE-2008-5810

Currently unrated

Key Information:

Vendor: Fujitsu-siemens
Status: Webtransactions
Vendor: CVE Published:; 2 January 2009

Summary

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

References

http://www.sec-consult.com/files/20081219-0_fujitsu-sieme...

x_refsource_MISC

http://bs2www.fujitsu-siemens.de/update/securitypatch.htm...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/47495

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 2, 2009
Vulnerability Reserved
Jan 2, 2009