Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
GestioIP Command Injection Vulnerability in ip_checkhost.cgi Allowing Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in GestioIP versions prior to 3.0 commit ac67be, in the ip_checkhost.cgi script. The script base64-decodes the value of the 'ip' parameter and passes it to a shell command without validating that it is an IP address or hostname, so shell metacharacters in the decoded value are executed by the server. Whether an attacker needs credentials depends on the deployment: GestioIP's web interface can be run with or without HTTP authentication, and where it is enforced, any authenticated user can reach the script.
Impact
Exploitation of this vulnerability gives remote command execution on the server where GestioIP is installed, with the privileges of the web server user running the CGI script. In deployments that do not enforce authentication on the GestioIP interface, this is unauthenticated remote code execution.
Reproduction
To reproduce this vulnerability, send a request to the ip_checkhost.cgi script whose 'ip' parameter is a base64-encoded string consisting of a host value followed by a shell metacharacter and the command to run; the server decodes the parameter and executes the injected command. If GestioIP is not configured to require authentication, the request needs no credentials; otherwise it must be sent as an authenticated user.
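The following Python is an added example for this advisory, not GestioIP's own Perl code. It shows three things a practitioner typically wants around this bug: how the base64 layer carries shell metacharacters through the 'ip' parameter, a log-triage routine that decodes that parameter in web server access logs and flags injection attempts, and the strict allow-list check (literal IP address or RFC 1123 hostname, argv built without a shell) that a patched handler should apply before using the value. The script path `/gestioip/ip_checkhost.cgi`, the GET query form and the access-log lines are assumptions constructed for the example.

```python
"""Triage and hardening helpers for the GestioIP ip_checkhost.cgi 'ip' parameter.

Added example, not code from the GestioIP project. The path /gestioip/ and the
access-log lines below are constructed for illustration.
"""
import base64
import ipaddress
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, quote, urlsplit

# Shell metacharacters that must never reach a command line built from user input.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r\\'\"]")

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# no leading or trailing hyphen, at most 253 characters in total.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def encode_ip_param(value: str) -> str:
    """Base64-encode a value for the 'ip' query parameter and percent-encode it
    so that '+', '/' and '=' survive the query string."""
    return quote(base64.b64encode(value.encode()).decode(), safe="")


def decode_ip_param(b64: str) -> Optional[str]:
    """Decode the parameter the way the CGI does; None if it is not valid base64."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-8", errors="replace")
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None


def is_valid_host(value: str) -> bool:
    """Allow-list check: a literal IPv4/IPv6 address or an RFC 1123 hostname, nothing else."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME.match(value))


def hardened_ping_argv(decoded: str) -> List[str]:
    """Argument vector for the host check, built without a shell.

    Raises ValueError for anything off the allow-list. Run it with
    subprocess.run(argv) (shell=False), never via a string handed to /bin/sh.
    """
    if not is_valid_host(decoded):
        raise ValueError(f"rejected host value: {decoded!r}")
    return ["ping", "-c", "1", decoded]


def triage_log_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_no, decoded_ip) for ip_checkhost.cgi requests whose decoded 'ip'
    carries shell metacharacters or is not a plain address/hostname.
    Values that are not valid base64 are flagged with their raw form."""
    flagged: List[Tuple[int, str]] = []
    for no, line in enumerate(lines, 1):
        m = re.search(r'"(?:GET|POST) (\S*ip_checkhost\.cgi\S*) HTTP/', line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m.group(1)).query)
        for raw in qs.get("ip", []):
            decoded = decode_ip_param(raw)
            if decoded is None or SHELL_META.search(decoded) or not is_valid_host(decoded):
                flagged.append((no, decoded if decoded is not None else raw))
    return flagged


# Constructed access-log lines (not real traffic): one legitimate host check,
# two injection attempts, and an unrelated request.
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Oct/2024:10:01:02 +0000] "GET /gestioip/ip_checkhost.cgi?ip='
    + encode_ip_param("10.0.0.5") + ' HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Oct/2024:10:03:14 +0000] "GET /gestioip/ip_checkhost.cgi?ip='
    + encode_ip_param("10.0.0.5;id") + ' HTTP/1.1" 200 640',
    '198.51.100.7 - - [12/Oct/2024:10:03:20 +0000] "GET /gestioip/ip_checkhost.cgi?ip='
    + encode_ip_param("127.0.0.1|cat /etc/passwd") + ' HTTP/1.1" 200 2048',
    '192.0.2.11 - - [12/Oct/2024:10:05:00 +0000] "GET /gestioip/index.cgi HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for no, decoded in triage_log_lines(SAMPLE_LOG):
        print(f"line {no}: suspicious decoded ip value {decoded!r}")
    print("hardened argv:", hardened_ping_argv("10.0.0.5"))
```

The triage step only looks at the decoded 'ip' value, so it works on the base64 form the attacker must use and is not fooled by percent-encoding in the query string. The hardened check rejects the same inputs the triage flags, which is the property you want: detection and prevention agree on what a valid host looks like.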
Remediation
Update to GestioIP version 3.0.28 or later, where this vulnerability has been patched. Until the upgrade is in place, restrict access to the GestioIP web interface (enable its HTTP authentication and limit the interface to trusted networks), and review web server access logs for requests to ip_checkhost.cgi whose base64-decoded 'ip' parameter is anything other than a plain IP address or hostname.
