CVE-2008-6534

EPSS 5.89%
Veröffentlicht 26.03.2009 21:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vwsolutions ≫ Null Ftp Version1.1.0.7 Updatepro

Vwsolutions ≫ Null Ftp Version1.1.0.7 Updatesvr

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.89%	0.902

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	3.9	10	AV:N/AC:H/Au:S/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/32999

Vendor Advisory

http://vuln.sg/nullftpserver1107-en.html

http://www.osvdb.org/50486

http://www.securityfocus.com/bid/32656

http://www.vupen.com/english/advisories/2008/3367

Vendor Advisory

http://www.vwsolutions.com/knowledgeBase/releaseNotes.aspx?productId=14

URL Repurposed

https://exchange.xforce.ibmcloud.com/vulnerabilities/47099

https://www.exploit-db.com/exploits/7355

https://nvd.nist.gov/vuln/detail/CVE-2008-6534

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-6534

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-6534

EUVD