VULHUB ™

Textor Webmasters Ltd offers a series of pre-packaged web content management solutions, including the 'listrec.pl' script. 'listrec.pl' does not adequately validate user-supplied input. It is possible for an attacker to craft a malicious web request which will cause remote commands to be executed on the host(with the privileges of the webserver process). This is due to the fact that 'listrec.pl' does not filter shell metacharacters from web requests. Additionally, because of the nature of insufficient input validation, this issue may allow the attacker to craft to view arbitrary web-readable files via a directory traversal attack. NOTE: The vendor, Textor Webmasters Ltd, claims that although shell metacharacters are not filtered, the nature of the program prevents this issue from being exploited to execute arbitrary commands.

Textor Webmasters Ltd offers a series of pre-packaged web content management solutions, including the 'listrec.pl' script. 'listrec.pl' does not adequately validate user-supplied input. It is possible for an attacker to craft a malicious web request which will cause remote commands to be executed on the host(with the privileges of the webserver process). This is due to the fact that 'listrec.pl' does not filter shell metacharacters from web requests. Additionally, because of the nature of insufficient input validation, this issue may allow the attacker to craft to view arbitrary web-readable files via a directory traversal attack. NOTE: The vendor, Textor Webmasters Ltd, claims that although shell metacharacters are not filtered, the nature of the program prevents this issue from being exploited to execute arbitrary commands.