First published: Thu May 08 2014(Updated: )
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Caldera | =9.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-2935 is considered to have a high severity due to the possibility of remote command execution.
To fix CVE-2014-2935, you should update Caldera to a version that addresses this vulnerability.
CVE-2014-2935 can be exploited by attackers sending crafted PHP XMLRPC requests that include shell metacharacters.
CVE-2014-2935 specifically affects Caldera version 9.20.
The impact of CVE-2014-2935 allows unauthorized remote execution of commands on the affected server.