Incomplete Blacklist Vulnerability in CPAINT Allows Remote Code Execution

CVE-2005-2625 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, neither of which is included in the blacklist.