| Title | vivotek IB8367A VVTK-0100b command injection |
|---|
| Description | vivotek IB8367A has command injection vulnerability in upload_file.cgi.The program receives the attacker's GET request through the getenv function at line 61, obtains the value of the first field through the code at line 69, and concatenates it into a formatted string using the snprintf function. Finally, the systemfunction is used to execute the system command. Because the attacker's input is not filtered, any command can be executed. |
|---|
| Source | ⚠️ https://yjz233.notion.site/vivotek-IB8367A-has-command-injection-vulnerability-in-upload_file-cgi-899e5d529fb14b4189534b2b9830bfff?pvs=4 |
|---|
| User | jylsec (UID 60282) |
|---|
| Submission | 07/31/2024 15:35 (2 years ago) |
|---|
| Moderation | 08/02/2024 23:36 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 273528 [Vivotek IB8367A VVTK-0100b upload_file.cgi getenv QUERY_STRING command injection] |
|---|
| Points | 17 |
|---|