Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2009-0545 — ZeroShell Remote Code Execution

Disclosure Date: February 12, 2009
Exploited In the Wild
Reported by hrbrmstr
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.

General Information

Additional Info

Technical Analysis