CVE-2008-5810

Fujitsu-Siemens WebTransactions <7.1 - Command Injection

Title source: llm
STIX 2.1

Description

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47495
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021475
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4856
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3462
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32927
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499417/100/0/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33168

Scores

EPSS 0.0376
EPSS Percentile 88.6%

Details

CWE
CWE-20
Status published
Products (2)
fujitsu-siemens/webtransactions 7.0
fujitsu-siemens/webtransactions 7.1
Published Jan 02, 2009
Tracked Since Feb 18, 2026