Arbitrary Command Execution via Insufficiently Random Directory Name in PeopleSoft PeopleTools
CVE-2003-0950 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
Learn more about our Web Application Penetration Testing UK.