CGI.SiteInteractive.Setup.PL.Arbitrary.Command.Execution

Description

This indicates that an attacker attempted to execute unauthorized remote commands against SiteInteractive. The SiteInteractive Subscribe Me setup.pl script does not properly sanitize user-supplied URI input. An attacker can invoke this script and use the URI parameters to create a file on the system. The attacker can then execute that file to have arbitrary Perl code run on the system.

Affected Products

SiteInteractive Subscribe Me Pro and SiteInteractive Subscribe Me Enterprise

Impact

Compromise of the affected system.

Recommended Actions

Apply the appropriate patch from the vendor, or upgrade to a non-vulnerable version if one is available.

Coverage

IPS (Regular DB)
IPS (Extended DB)