Remote Code Injection Vulnerability in Caldera 9.20 Directory Manager
CVE-2014-2936 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.
Learn more about our Web Application Penetration Testing UK.