gsb/drivers.php in LANDesk Management Gateway 4.0 up to and including 4.0-1.48 and 4.2 up to and including 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
landesk management gateway 4.0-1.48 |
||
landesk management gateway 4.0 |
||
landesk management gateway 4.2-1.8 |
||
landesk management gateway 4.2 |