Family: CGI abuses --> Category: attack
HAMweather daysonly Arbitrary Code Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Executes arbitrary command via HAMweather
Detailed Explanation for this Vulnerability Test
The remote web server contains an application that allows execution of
The remote host is running HAMweather, a weather-forecasting software
The installed version of HAMweather fails to properly sanitize input
to the 'daysonly' parameter before using it to evaluate PHP or Perl
code. An unauthenticated attacker can leverage this issue to execute
arbitrary code on the remote host subject to the rights of the web
server user id.
See also :
Upgrade to HAMweather 220.127.116.11 Perl/ASP or HAMweather 18.104.22.168 PHP or
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.