astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| astrocam | astrocam | 1.4 |
| astrocam | astrocam | 0.9-1-1 |
| astrocam | astrocam | 1.0.1 |
| astrocam | astrocam | 0.9-5-1 |
| astrocam | astrocam | 0.9-7-3 |