kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
amensa-soft k\\+b-bestellsystem 2.3.3 |