/alerttags/wstg-v42-inpv-12/ Recent content in WSTG-V42-INPV-12 on ZAP Hugo en-us /docs/alerts/20018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20018/ <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped &ldquo;=&rdquo; character, enabling arbitrary code execution. In this case, an operating system command was caused to be executed on the web server, and the results were returned to the web browser.</p> /docs/alerts/10048-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10048-1/ <p>The server is running a version of the Bash shell that allows remote attackers to execute arbitrary code.</p> /docs/alerts/10048-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10048-2/ <p>The server is running a version of the Bash shell that allows remote attackers to execute arbitrary code.</p> /docs/alerts/90020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90020/ <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> /docs/alerts/90037/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90037/ <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> /docs/alerts/40045/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40045/ <p>The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.</p>