Lucene search

MitreCVE-2011-5274

HistoryMar 21, 2014 - 4:38 a.m.

CVE-2011-5274

2014-03-2104:38:58

mitre

web.nvd.nist.gov

cve-2011-5274

domain technologie control

dtc

remote attackers

arbitrary commands

shell metacharacters

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.007

Percentile

81.2%

JSON

The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.

Affected configurations

Nvd

Node

gplhostdomain_technologie_controlRange≤0.32.7

gplhostdomain_technologie_controlMatch0.24.6

gplhostdomain_technologie_controlMatch0.25.1

gplhostdomain_technologie_controlMatch0.25.2

gplhostdomain_technologie_controlMatch0.25.3

gplhostdomain_technologie_controlMatch0.26.7

gplhostdomain_technologie_controlMatch0.26.8

gplhostdomain_technologie_controlMatch0.26.9

gplhostdomain_technologie_controlMatch0.27.3

gplhostdomain_technologie_controlMatch0.28.2

gplhostdomain_technologie_controlMatch0.28.3

gplhostdomain_technologie_controlMatch0.28.4

gplhostdomain_technologie_controlMatch0.28.6

gplhostdomain_technologie_controlMatch0.28.9

gplhostdomain_technologie_controlMatch0.28.10

gplhostdomain_technologie_controlMatch0.29.1

gplhostdomain_technologie_controlMatch0.29.6

gplhostdomain_technologie_controlMatch0.29.8

gplhostdomain_technologie_controlMatch0.29.10

gplhostdomain_technologie_controlMatch0.29.14

gplhostdomain_technologie_controlMatch0.29.15

gplhostdomain_technologie_controlMatch0.29.16

gplhostdomain_technologie_controlMatch0.29.17

gplhostdomain_technologie_controlMatch0.30.6

gplhostdomain_technologie_controlMatch0.30.8

gplhostdomain_technologie_controlMatch0.30.10

gplhostdomain_technologie_controlMatch0.30.18

gplhostdomain_technologie_controlMatch0.30.20

gplhostdomain_technologie_controlMatch0.32.1

gplhostdomain_technologie_controlMatch0.32.2

gplhostdomain_technologie_controlMatch0.32.3

gplhostdomain_technologie_controlMatch0.32.4

gplhostdomain_technologie_controlMatch0.32.5

gplhostdomain_technologie_controlMatch0.32.6

VendorProductVersionCPE
gplhostdomain_technologie_control*cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.24.6cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.25.1cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.25.2cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.25.3cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.26.7cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.26.8cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.26.9cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.27.3cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.28.2cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gplhost	domain_technologie_control	*	cpe:2.3:a:gplhost:domain_technologie_control::::::::
gplhost	domain_technologie_control	0.24.6	cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:::::::*
gplhost	domain_technologie_control	0.25.1	cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:::::::*
gplhost	domain_technologie_control	0.25.2	cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:::::::*
gplhost	domain_technologie_control	0.25.3	cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:::::::*
gplhost	domain_technologie_control	0.26.7	cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:::::::*
gplhost	domain_technologie_control	0.26.8	cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:::::::*
gplhost	domain_technologie_control	0.26.9	cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:::::::*
gplhost	domain_technologie_control	0.27.3	cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:::::::*
gplhost	domain_technologie_control	0.28.2	cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:::::::*

Rows per page:

1-10 of 341

References

git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a

git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64

www.debian.org/security/2011/dsa-2365

bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.007

Percentile

81.2%

JSON

Related for CVE-2011-5274