Vulnerability Description
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webglimpse | Webglimpse | <= 2.18.8 |
Related Weaknesses (CWE)
References
- http://osvdb.org/80344
- http://secunia.com/advisories/48452
- http://www.kb.cert.org/vuls/id/364363PatchUS Government Resource
- http://www.securitytracker.com/id?1026825
- http://osvdb.org/80344
- http://secunia.com/advisories/48452
- http://www.kb.cert.org/vuls/id/364363PatchUS Government Resource
- http://www.securitytracker.com/id?1026825
FAQ
What is CVE-2012-1795?
CVE-2012-1795 is a vulnerability with a CVSS score of 7.5 (HIGH). webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.
How severe is CVE-2012-1795?
CVE-2012-1795 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1795?
Check the references section above for vendor advisories and patch information. Affected products include: Webglimpse Webglimpse.