Intrusion Prevention

Sinapsi.ping.php.ipdominio.Command.Injection

Description

This indicates an attack attempt against a Command Injection vulnerability in SINAPSI eSolar Light Photovoltaic System Monitor.
The vulnerability is caused by insufficient sanitizing the parameter "ip_dominio" that is passed to "ping.php". It allows a remote attacker to inject arbitrary command via a crafted HTTP Request.

Affected Products

SINAPSI eSolar Light Photovoltaic System Monitor

Impact

System Compromise: Remote attackers can execute arbitrary command on vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2012-5863