Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| electric_cloud | electriccommander | 5.0.2 |
| electric_cloud | electriccommander | 5.0.1 |
| electric_cloud | electriccommander | 5.0.0 |
| electric_cloud | electriccommander | * |