Remote Code Injection Vulnerability in Caldera 9.20 Directory Manager

Remote Code Injection Vulnerability in Caldera 9.20 Directory Manager

CVE-2014-2936 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.

Learn more about our Web Application Penetration Testing UK.