Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
References
Configurations
History
13 Feb 2023, 04:33
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API. |
02 Feb 2023, 14:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2012-2395 cobbler: command injection flaw in the power management XML-RPC API |
Information
Published : 2012-06-16 00:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-2395
Mitre link : CVE-2012-2395
CVE.ORG link : CVE-2012-2395
JSON object : View
Products Affected
michael_dehaan
- cobbler
CWE