CVE-2002-1753

csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cgiscript:csnews_professional:1.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:42

Type Values Removed Values Added
References () http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html - Broken Link () http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html - Broken Link
References () http://www.securityfocus.com/bid/4451 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/4451 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/8636 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/8636 - Third Party Advisory, VDB Entry

14 Feb 2024, 16:56

Type Values Removed Values Added
References (BUGTRAQ) http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html - (BUGTRAQ) http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/8636 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/8636 - Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/4451 - (BID) http://www.securityfocus.com/bid/4451 - Broken Link, Third Party Advisory, VDB Entry
CWE NVD-CWE-Other CWE-94
CVSS v2 : 5.0
v3 : unknown
v2 : 7.5
v3 : unknown
CPE cpe:2.3:a:cgiscript.net:csnewspro:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cgiscript.net:csnews:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cgiscript:csnews_professional:1.0:*:*:*:*:*:*:*
First Time Cgiscript csnews Professional
Cgiscript

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:42


NVD link : CVE-2002-1753

Mitre link : CVE-2002-1753

CVE.ORG link : CVE-2002-1753


JSON object : View

Products Affected

cgiscript

  • csnews_professional
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')