CVE-2011-4639

{"id": "CVE-2011-4639", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-10-08T10:47:44.950", "references": [{"url": "http://www.sec-1.com/blog/?p=211", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence."}, {"lang": "es", "value": "Las implementaciones (1) Traceroute y (2) Ping en tools.php en SpamTitan WebTitan anteiores a v3.60 permite a usuarios remotos autenticados ejecutar comandos a trav\u00e9s de metacaracteres shell en el argumento, como se demostr\u00f3 con una secuencia && (ampersand, ampersand)."}], "lastModified": "2012-10-08T10:47:44.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:spamtitan:webtitan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A9508E-603C-4B9D-A4D6-81E2B4C15FA8", "versionEndIncluding": "3.50"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}