CVE-2007-6515
Published 2007-12-21
CVE-2007-6515: support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
Priority: P3 · 51 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.93% (94.0th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novell | novell_forum | — | — |
| novell | novell_forum | — | — |
| novell | novell_forum | — | — |
| novell | novell_forum | — | — |
| novell | novell_forum | — | — |
GHSA
GHSA-cr36-9r2x-97q5: Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2008-4047 [HIGH] CWE-94 GHSA-cr36-9r2x-97q5: Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7
Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515.
GHSA
GHSA-3f5w-779w-6xpc: support/dispatch
ghsa_unreviewed·2022-05-01
CVE-2007-6515 [HIGH] CWE-94 GHSA-3f5w-779w-6xpc: support/dispatch
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
No detection rules found.
Exploit-DB
SiteScape Enterprise Forum 7 - TCL Injection
exploitdb·2011-01-13·CVSS 7.5
CVE-2007-6515 [HIGH] SiteScape Enterprise Forum 7 - TCL Injection
---
#!/usr/bin/env python
"""
-*- coding: utf-8 -*-
sitescape_sploit.py
Copyright 2010 Spencer McIntyre
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth F
Exploit-DB
SiteScape Forum - 'dispatch.cgi' Tcl Command Injection
exploitdb·2007-12-20
CVE-2007-6515 SiteScape Forum - 'dispatch.cgi' Tcl Command Injection
---
source: https://www.securityfocus.com/bid/26963/info
SiteScape Forum is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary commands in the context of the webserver process. Successful exploits could compromise the application and possibly the underlying system.
http://www.example.com/forum/support/dispatch.cgi/0;command
No writeups or analysis indexed.
References
http://osvdb.org/39875
http://secunia.com/advisories/28182
http://securityreason.com/securityalert/3480
http://www.exploit-db.com/exploits/15987
http://www.securityfocus.com/archive/1/485398/100/0/threaded
http://www.securityfocus.com/bid/26963
https://exchange.xforce.ibmcloud.com/vulnerabilities/39182
Published: 2007-12-21