PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote malicious users to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
peoplesoft peopletools 8.10 |
||
peoplesoft peopletools 8.11 |
||
peoplesoft peopletools 8.19 |
||
peoplesoft peopletools 8.20 |
||
peoplesoft peopletools 8.17 |
||
peoplesoft peopletools 8.18 |
||
peoplesoft peopletools 8.43 |
||
peoplesoft peopletools 8.12 |
||
peoplesoft peopletools 8.13 |
||
peoplesoft peopletools 8.4 |
||
peoplesoft peopletools 8.40 |
||
peoplesoft peopletools 8.14 |
||
peoplesoft peopletools 8.15 |
||
peoplesoft peopletools 8.16 |
||
peoplesoft peopletools 8.41 |
||
peoplesoft peopletools 8.42 |
Vulmon