#VU784 Arbitrary Command Execution - CVE-2016-6433
Published: October 5, 2016 / Updated: October 7, 2016
Vulnerability identifier: #VU784
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2016-6433
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Software vendor:
Description
The vulnerability allows a remote authenticated user to execute arbitrary commands on the target system.
The weakness exists due to insufficient input validation. Sending a specially crafted parameters to the web application an authenticated attacker can access the affected system and execute arbitrary commands.
Successful exploitation of the vulnerability results in arbitrary commands execution on the vulnerable system.
The weakness exists due to insufficient input validation. Sending a specially crafted parameters to the web application an authenticated attacker can access the affected system and execute arbitrary commands.
Successful exploitation of the vulnerability results in arbitrary commands execution on the vulnerable system.