O'Reilly WebSite Pro args.cmd Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
WebSite Pro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the 'args.cmd' script not properly sanitizing user-supplied input. It is possible that the flaw may allow a remote attacker to execute arbitrary commands resulting in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove the demo files.