MetaInfo Web Server Traversal Arbitrary Command Execution
Critical Nessus Plugin ID 10141
SynopsisThe remote host has a command execution vulnerability.
DescriptionThe remote MetaInfo web server (installed with MetaInfo's Sendmail or MetaIP servers) has an arbitrary command execution vulnerability. It is possible to read files or execute arbitrary commands by prepending the appropriate number of '../' to the desired filename. A remote attacker could exploit this to execute arbitrary commands on the system.
SolutionUpgrade to the latest version of this software.