Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0495

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0495
Last Modified 05 Sep 2008 04:28:10
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0495

Summary

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

Vulnerable Systems

Application

  • Cgiscript.net Cssearch 2.3


References

BID - 4368

XF - cssearch-url-execute-commands(8636)

BUGTRAQ - 20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)

MISC - http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7


Last Updated: 27 May 2016 10:36:56