Exploitation Summary
EIP tracks 2 public exploits for CVE-2009-0700. PoCs published by Matteo Ignaccolo.
AI-analyzed exploit summary The provided text describes a vulnerability in Plunet BusinessManager involving security bypass and HTML injection due to improper input sanitization. It includes a sample URL demonstrating the issue but lacks executable exploit code.
Description
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp.
Exploits (2)
The provided text describes a vulnerability in Plunet BusinessManager involving security bypass and HTML injection due to improper input sanitization. It includes a sample URL demonstrating the issue but lacks executable exploit code.
The provided text describes CVE-2009-0700, an HTML injection and security bypass vulnerability in Plunet BusinessManager. It lacks executable exploit code but details the vulnerability and affected versions.