|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-26 | |
| Rule Name: | VegaDNS axfr_get.php Command Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A command injection vulnerability has been reported in the axfr_get.php script of VegaDNS. The vulnerability is due to insufficient input validation of the script's $file variable, which is derived from the user-supplied $domain parameter. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to execute arbitrary commands under the security context of the web server. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |