CVE-2014-2935

costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.

Score10.0
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE
Published2014-05-08 06:55:04.000-04
Last Modified2014-05-16 12:26:31.000-04

Vulnerable Software List

VendorProductVersions
Caldera Caldera 9.20

References

SourceLink
CERT-VNVU#693092
BID67252