CVE-2007-6176

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
30/11/2007
Last modified:
09/04/2025

Description

kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:amensa-soft:k\+b-bestellsystem:2.3.3:*:*:*:*:*:*:*