Test ID:	1.3.6.1.4.1.25623.1.0.103831
Category:	Web application abuses
Title:	Webuzo <= 2.1.3 Cookie Value Handling Remote Command Injection Vulnerability
Summary:	Webuzo is prone to a remote command-injection vulnerability; because it fails to adequately sanitize user-supplied input.
Description:	Summary: Webuzo is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input. Vulnerability Insight: The value of a cookie used by the application is not appropriately validated or sanitised before processing and permits backtick characters. This allows additional OS commands to be injected and executed on the server system, and may result in server compromise. Vulnerability Impact: Remote attackers can exploit this issue to execute arbitrary commands in the context of the affected application. Affected Software/OS: Webuzo versions through 2.1.3 are vulnerable. Solution: Updates are available. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6041 https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-(DS-2013-007) Common Vulnerability Exposure (CVE) ID: CVE-2013-6042 BugTraq ID: 63464 http://www.securityfocus.com/bid/63464 http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-(DS-2013-007) http://osvdb.org/99203 Common Vulnerability Exposure (CVE) ID: CVE-2013-6043
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.