Web application abuses : VegaDNS RCE Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.106275

Category: Web application abuses

Title: VegaDNS RCE Vulnerability

Summary: VegaDNS is prone to a remote command execution (RCE); vulnerability.

Description: Summary:
VegaDNS is prone to a remote command execution (RCE)
vulnerability.

Vulnerability Insight:
The file axfr_get.php allows unauthenticated access and fails to correctly
apply input escaping to all variables that is based on user input. This allows an attacker to inject shell
syntax constructs to take control of the command execution.

Vulnerability Impact:
An unauthorized attacker may execute arbitrary commands.

Solution:
Update to VegaDNS 0.13.3. for updates.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.106275
Category:	Web application abuses
Title:	VegaDNS RCE Vulnerability
Summary:	VegaDNS is prone to a remote command execution (RCE); vulnerability.
Description:	Summary: VegaDNS is prone to a remote command execution (RCE) vulnerability. Vulnerability Insight: The file axfr_get.php allows unauthenticated access and fails to correctly apply input escaping to all variables that is based on user input. This allows an attacker to inject shell syntax constructs to take control of the command execution. Vulnerability Impact: An unauthorized attacker may execute arbitrary commands. Solution: Update to VegaDNS 0.13.3. for updates. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Copyright	Copyright (C) 2016 Greenbone AG