Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0948

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0948
Last Modified 10 Sep 2008 03:13:26
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0948

Summary

Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.

Vulnerable Systems

Application

  • Scripts For Educators Makebook 2.2


References

XF - makebook-name-field-validation(9356)

CONFIRM - http://www.tesol.net/scriptmail.html

CONFIRM - http://www.linguistic-funland.com/scripts/MakeBook/makebook.script

BID - 4996

BUGTRAQ - 20020613 Re: SSI & CSS execution in MakeBook 2.2

BUGTRAQ - 20020612 SSI & CSS execution in MakeBook 2.2


Last Updated: 27 May 2016 10:37:08