CVE-2007-6459

Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.

Published: Dec 20, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-6459
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
anon_proxy_server / anon_proxy_server	0.100	0.100.x

http://osvdb.org/43711
http://osvdb.org/43712
http://securityreason.com/securityalert/3463
http://www.securityfocus.com/archive/1/485151/100/0/threaded
http://www.securityfocus.com/bid/26882
https://www.exploit-db.com/exploits/4734

Vulnerability Database

CVE-2007-6459