CVE-2011-3195

Domain Technologie Control < 0.34.1 - Authenticated Remote Code Execution via Mailing List Tunable Options

Title source: llm
STIX 2.1

Description

shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/13/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/24/10
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2365

Scores

EPSS 0.0155
EPSS Percentile 72.3%

Details

CWE
CWE-20
Status published
Products (35)
gplhost/domain_technologie_control 0.24.6
gplhost/domain_technologie_control 0.25.1
gplhost/domain_technologie_control 0.25.2
gplhost/domain_technologie_control 0.25.3
gplhost/domain_technologie_control 0.26.7
gplhost/domain_technologie_control 0.26.8
gplhost/domain_technologie_control 0.26.9
gplhost/domain_technologie_control 0.27.3
gplhost/domain_technologie_control 0.28.2
gplhost/domain_technologie_control 0.28.3
... and 25 more
Published Mar 21, 2014
Tracked Since Feb 18, 2026