CVE-2002-0495

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
References
Link Resource
http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 Product
http://www.iss.net/security_center/static/8636.php Broken Link Patch Vendor Advisory
http://www.securityfocus.com/archive/1/264169 Broken Link Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/4368 Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cgiscript:cssearch_professional:*:*:*:*:*:*:*:*

History

13 Feb 2024, 16:20

Type Values Removed Values Added
First Time Cgiscript cssearch Professional
Cgiscript
CPE cpe:2.3:a:cgiscript.net:cssearch:2.3:*:*:*:*:*:*:* cpe:2.3:a:cgiscript:cssearch_professional:*:*:*:*:*:*:*:*
References (XF) http://www.iss.net/security_center/static/8636.php - Patch, Vendor Advisory (XF) http://www.iss.net/security_center/static/8636.php - Broken Link, Patch, Vendor Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/264169 - Vendor Advisory (BUGTRAQ) http://www.securityfocus.com/archive/1/264169 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/4368 - Exploit, Patch, Vendor Advisory (BID) http://www.securityfocus.com/bid/4368 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References (MISC) http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 - (MISC) http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 - Product
CWE NVD-CWE-Other CWE-94

Information

Published : 2002-08-12 04:00

Updated : 2024-02-28 10:24


NVD link : CVE-2002-0495

Mitre link : CVE-2002-0495

CVE.ORG link : CVE-2002-0495


JSON object : View

Products Affected

cgiscript

  • cssearch_professional
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')