CVE-2008-7158

Numara FootPrints 7.5a-7.5a1 & 8.0-8.0a - OS Command Injection via MRchat.pl or MRABLoad2.pl

Title source: llm
STIX 2.1

Description

Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/42816
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28390
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27373
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39810
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/42813

Scores

EPSS 0.0333
EPSS Percentile 87.1%

Details

CWE
CWE-78
Status published
Products (4)
numarasoftware/footprints 7.5a
numarasoftware/footprints 7.5a1
numarasoftware/footprints 8.0
numarasoftware/footprints 8.0a
Published Sep 02, 2009
Tracked Since Feb 18, 2026