Vulnerabilities > CVE-2007-3572 - Unspecified vulnerability in Yoggie Pico and Pico PRO
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN yoggie
exploit available
Summary
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Yoggie Pico and Pico Pro Backticks Remote Code Execution Vulnerability. CVE-2007-3572. Webapps exploit for cgi platform |
| id | EDB-ID:30260 |
| last seen | 2016-02-03 |
| modified | 2007-07-02 |
| published | 2007-07-02 |
| reporter | Cody Brocious |
| source | https://www.exploit-db.com/download/30260/ |
| title | Yoggie Pico and Pico Pro Backticks Remote Code Execution Vulnerability |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.html
- http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.html
- http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.html
- http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.html
- http://osvdb.org/37808
- http://osvdb.org/37808
- http://secunia.com/advisories/25902
- http://secunia.com/advisories/25902
- http://www.securityfocus.com/bid/24743
- http://www.securityfocus.com/bid/24743
- http://www.vupen.com/english/advisories/2007/2417
- http://www.vupen.com/english/advisories/2007/2417
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35208
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35208