{"vuid":"VU#364363","idnumber":"364363","name":"WebGlimpse command injection vulnerability","keywords":["WebGlimpse","command injection","RCE"],"overview":"Webglimpse, a web site search application, contains a command injection vulnerability.","clean_desc":"The webglimpse.cgi script contains a command injection vulnerability. An attacker can use a specifically crafted query URL parameter to run system commands. The results of the command will be displayed in the resulting web page. An example of the query parameter is below: query=%27%26command+and+arguments+go+here%26%27 It has been reported that this vulnerability is being exploited in the wild.","impact":"An attacker may be able to run operating system commands under the context of the user running the web server. It has been reported that attackers are leveraging this vulnerability to install PHP backdoors on affected web servers.","resolution":"Apply an Update: Webglimpse version 2.20.0 has been released to address this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to Kevin Perry for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://webglimpse.net/","http://cwe.mitre.org/data/definitions/78.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-02-14T19:19:40Z","publicdate":"2012-03-20T00:00:00Z","datefirstpublished":"2012-03-20T12:21:33Z","dateupdated":"2012-03-27T20:22:37Z","revision":26,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"4","cam_widelyknown":"17","cam_exploitation":"7","cam_internetinfrastructure":"11","cam_population":"4","cam_impact":"11","cam_easeofexploitation":"9","cam_attackeraccessrequired":"13","cam_scorecurrent":"3.378375","cam_scorecurrentwidelyknown":"3.66795","cam_scorecurrentwidelyknownexploited":"4.922775","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5","cvss_basevector":"AV:N/AC:--/Au:N/C:C/I:C/A:P","cvss_temporalscore":"4.3","cvss_environmentalscore":"4.3","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":3.378375,"vulnote":null}