Unrated severityNVD Advisory· Published Jan 5, 2018· Updated Aug 5, 2024

CVE-2017-16666

Description

Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Xplico/Xplicoinferred2 versions
<1.2.1+ 1 more
- (no CPE)range: <1.2.1
- (no CPE)range: < 1.2.1

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.exploit-db.com/exploits/43430/mitreexploitx_refsource_EXPLOIT-DB
blog.securityonion.net/2017/11/security-advisory-for-xplico-120.htmlmitrex_refsource_CONFIRM
packetstormsecurity.com/files/145639/Xplico-Remote-Code-Execution.htmlmitrex_refsource_MISC
www.rapid7.com/db/modules/exploit/linux/http/xplico_execmitrex_refsource_MISC
pentest.blog/advisory-xplico-unauthenticated-remote-code-execution-cve-2017-16666/mitrex_refsource_MISC
www.xplico.org/archives/1538mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.064
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000