VULHUB ™

It has been reported that Mondosoft MondoSearch is prone to a remote file include vulnerability that may allow an attacker to inject arbitrary ASP code on a vulnerable system. The issue is reported to occur due to the MsmSetup.exe module of the software. Although complete details are unavailable at the moment, this issue may be exploited by passing malicious input via a vulnerable URI parameter. Successful exploitation of this issue may allow an attack to execute arbitrary code in the context of the server hosting the software. Mondosoft MondoSearch versions 4.4, 5.0, and 5.1 are reported to be prone to this issue, however other versions may be affected as well.

It has been reported that Mondosoft MondoSearch is prone to a remote file include vulnerability that may allow an attacker to inject arbitrary ASP code on a vulnerable system. The issue is reported to occur due to the MsmSetup.exe module of the software. Although complete details are unavailable at the moment, this issue may be exploited by passing malicious input via a vulnerable URI parameter. Successful exploitation of this issue may allow an attack to execute arbitrary code in the context of the server hosting the software. Mondosoft MondoSearch versions 4.4, 5.0, and 5.1 are reported to be prone to this issue, however other versions may be affected as well.