Vulnerabilities > CVE-2001-0844 - Remote Arbitrary Command Execution vulnerability in Seth Leonard Book of Guests and Post IT

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

seth-leonard

NVD

Published: 2001-12-06

Updated: 2016-10-18

Summary

Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.

Vulnerable Configurations

Part	Description	Count
Application	Seth_Leonard Seth Leonard Book OF Guests * Seth Leonard Post IT *	2

References

http://marc.info/?l=bugtraq&m=100446263601021&w=2
http://www.iss.net/security_center/static/7434.php
http://www.iss.net/security_center/static/7435.php
http://www.securityfocus.com/bid/3483
http://www.securityfocus.com/bid/3485