oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability

From: Henri Salo <henri () nerv fi>
Date: Tue, 10 Jul 2012 01:47:49 +0300
Hello,

Can you assign 2012 CVE-identifier for Basilic 1.5.14 diff.php remote code execution vulnerability, thanks.

Bugtraq ID: 54234
Announcement: http://seclists.org/bugtraq/2012/Jul/1
Verification: http://seclists.org/bugtraq/2012/Jul/42
Example URL: http://www.example.com/basilic/Config/diff.php?file=%26cat%20/etc/passwd&amp;new=1&amp;old=2
Metasploit PoC: http://downloads.securityfocus.com/vulnerabilities/exploits/54234.rb

OSVDB guys could you create item for this issue. Thank you :)

- Henri Salo
Previous By Date Next
Previous By Thread Next

Current thread: