CVE-2011-3195
Domain Technologie Control < 0.34.1 - Authenticated Remote Code Execution via Mailing List Tunable Options
Title source: llmDescription
shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/13/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/24/10
Issue Tracking x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2365
Various Sources x_refsource_confirm
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3
Scores
EPSS
0.0155
EPSS Percentile
72.3%
Details
CWE
CWE-20
Status
published
Products (35)
gplhost/domain_technologie_control
0.24.6
gplhost/domain_technologie_control
0.25.1
gplhost/domain_technologie_control
0.25.2
gplhost/domain_technologie_control
0.25.3
gplhost/domain_technologie_control
0.26.7
gplhost/domain_technologie_control
0.26.8
gplhost/domain_technologie_control
0.26.9
gplhost/domain_technologie_control
0.27.3
gplhost/domain_technologie_control
0.28.2
gplhost/domain_technologie_control
0.28.3
... and 25 more
Published
Mar 21, 2014
Tracked Since
Feb 18, 2026