The directory manager in Caldera 9.20 allows remote malicious users to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
caldera caldera 9.20 |