webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.Referenceshttp://www.kb.cert.org/vuls/id/364363http://www.securitytracker.com/id?1026825http://osvdb.org/80344http://secunia.com/advisories/48452
