Vulnerability Description
The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gplhost | Domain Technologie Control | <= 0.32.7 |
References
- http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec99
- http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925b
- http://www.debian.org/security/2011/dsa-2365
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630
- http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec99
- http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925b
- http://www.debian.org/security/2011/dsa-2365
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630
FAQ
What is CVE-2011-5274?
CVE-2011-5274 is a vulnerability with a CVSS score of 7.5 (HIGH). The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacha...
How severe is CVE-2011-5274?
CVE-2011-5274 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-5274?
Check the references section above for vendor advisories and patch information. Affected products include: Gplhost Domain Technologie Control.