Intrusion Prevention

Myquiz.Shell.Command.Injection

Description

Indicates a possible attempt at exploiting an Input Validation bug in MyQuiz. The vulnerability lies in the applications failure to properly sanitize the ENV-PATH_INFO variable. Remote attackers can leverage this vulnerability to execute arbitrary shell commands with the privileges of the web server.

Affected Products

MyQuiz version 1.01 and prior

Impact

Potential system compromise.

Recommended Actions

Upgrade to a non-vulnerable version if possible.