An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double-free condition on the server, allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of requests to the web server. A crafted URL can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator.
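The bug class described above, as an added illustration that is not Moxa's code: the advisory gives no code-level detail, so the handler names, the one-slot demo allocator and the malformed-escape trigger are all assumptions. It contrasts a request handler whose error path and common cleanup both release the same buffer with a version that releases through the owning pointer and clears it.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical one-slot allocator: it counts a second release of the same
   buffer instead of corrupting a real heap, so the flaw can be observed. */
static char slot[256];
static int slot_live, double_frees;

static char *slot_alloc(void) { slot_live = 1; return slot; }
static void slot_free(char *p) {
    if (p == NULL) return;                       /* like free(NULL): no-op */
    if (!slot_live) { double_frees++; return; }  /* second release detected */
    slot_live = 0;
}

/* Percent-decode url into out; return -1 on a malformed escape. */
static int decode(const char *url, char *out, size_t cap) {
    size_t n = 0;
    for (; *url && n + 1 < cap; url++) {
        if (*url != '%') { out[n++] = *url; continue; }
        if (!isxdigit((unsigned char)url[1]) || !isxdigit((unsigned char)url[2]))
            return -1;
        char hex[3] = { url[1], url[2], 0 };
        out[n++] = (char)strtol(hex, NULL, 16);
        url += 2;
    }
    out[n] = '\0';
    return 0;
}

/* Flawed pattern: the error path and the common cleanup both release path. */
int handle_flawed(const char *url) {
    char *path = slot_alloc();
    double_frees = 0;
    if (decode(url, path, sizeof slot) != 0)
        slot_free(path);                 /* released on error ... */
    slot_free(path);                     /* ... and released again here */
    return double_frees;
}

/* Hardened pattern: release via the owner and clear it, so a repeat is a no-op.
   A single release point is the primary fix; clearing is defense in depth. */
static void release(char **p) { slot_free(*p); *p = NULL; }

int handle_fixed(const char *url) {
    char *path = slot_alloc();
    double_frees = 0;
    if (decode(url, path, sizeof slot) != 0)
        release(&path);
    release(&path);
    return double_frees;
}
```

Both handlers return the number of double releases the demo allocator observed for the request. With a real heap, building with AddressSanitizer (`-fsanitize=address`) reports the flawed pattern at the second `free`.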