csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
References
Link | Resource |
---|---|
http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 | Product |
http://www.iss.net/security_center/static/8636.php | Broken Link Patch Vendor Advisory |
http://www.securityfocus.com/archive/1/264169 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
http://www.securityfocus.com/bid/4368 | Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory |
Configurations
History
13 Feb 2024, 16:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cgiscript cssearch Professional
Cgiscript |
|
CPE | cpe:2.3:a:cgiscript:cssearch_professional:*:*:*:*:*:*:*:* | |
References | (XF) http://www.iss.net/security_center/static/8636.php - Broken Link, Patch, Vendor Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/264169 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/4368 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | (MISC) http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 - Product | |
CWE | CWE-94 |
Information
Published : 2002-08-12 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-0495
Mitre link : CVE-2002-0495
CVE.ORG link : CVE-2002-0495
JSON object : View
Products Affected
cgiscript
- cssearch_professional
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')