We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.
Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner VulnCheckCWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
bcoles
raw.githubusercontent.com/...s/unix/webapp/webtester_exec.rb
sourceforge.net/p/webtesteronline/bugs/3/
www.exploit-db.com/exploits/29132
advisories.checkpoint.com/...public/2014/cpai-2014-1620.html
www.vulncheck.com/...ries/webtester-unauth-command-execution
Support options