Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2009-0545 — ZeroShell Remote Code Execution

Disclosure Date: February 12, 2009
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.

General Information

Exploited in the Wild

Reported by:
Technical Analysis