CVE-2007-3621

AsteriDex <3.0 - RCE

Title source: llm

Description

Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Carl Livitt · bashwebappsphp

https://www.exploit-db.com/exploits/4151

View Code ZIP pw:eip

References (10)

[Vendor Advisory] http://secunia.com/advisories/25965

[Exploit, Patch] http://www.securityfocus.com/bid/24781

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35270

[Various Sources] http://bestof.nerdvittles.com/applications/asteridex/

[Various Sources] http://www.hoku.co.uk/advisories/asteridex.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/472907/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4151

[Third Party Advisory, VDB Entry] http://osvdb.org/37846

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2446

[Third Party Advisory] http://securityreason.com/securityalert/2863

Scores

EPSS 0.1529

EPSS Percentile 94.6%

Details

Status published

Products (1)

asteridex/asteridex < 3.0

Published Jul 09, 2007

Tracked Since Feb 18, 2026