CGI.SiteInteractive.Setup.PL.Arbitrary.Command.Execution
Description
It indicates a malicious attacker attempted to execute unauthorized remote commands against SiteInteractive. SiteInteractive Subscribe Me setup.pl script does properly sanitize user supplied URI input. An attacker can invoke this script and use the URI paramters to create a file on the system. The attacker can then execute that file to have arbitrary Perl code run on the system.
Affected Products
SiteInteractive Subscribe Me Pro and SiteInteractive Subscribe Me Enterprise
Impact
Compromise of the affected system.
Recommended Actions
Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |