Arbitrary Command Execution via Insufficiently Random Directory Name in PeopleSoft PeopleTools

CVE-2003-0950 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.