CVE-2008-5810

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fujitsu-siemens:webtransactions:7.0:*:*:*:*:*:*:*
cpe:2.3:a:fujitsu-siemens:webtransactions:7.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:54

Type Values Removed Values Added
References () http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english - Patch () http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english - Patch
References () http://secunia.com/advisories/33168 - Patch, Vendor Advisory () http://secunia.com/advisories/33168 - Patch, Vendor Advisory
References () http://securityreason.com/securityalert/4856 - () http://securityreason.com/securityalert/4856 -
References () http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt - () http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt -
References () http://www.securityfocus.com/archive/1/499417/100/0/threaded - () http://www.securityfocus.com/archive/1/499417/100/0/threaded -
References () http://www.securityfocus.com/bid/32927 - () http://www.securityfocus.com/bid/32927 -
References () http://www.securitytracker.com/id?1021475 - () http://www.securitytracker.com/id?1021475 -
References () http://www.vupen.com/english/advisories/2008/3462 - () http://www.vupen.com/english/advisories/2008/3462 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/47495 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/47495 -

Information

Published : 2009-01-02 18:11

Updated : 2025-04-09 00:30


NVD link : CVE-2008-5810

Mitre link : CVE-2008-5810

CVE.ORG link : CVE-2008-5810


JSON object : View

Products Affected

fujitsu-siemens

  • webtransactions
CWE
CWE-20

Improper Input Validation