Required CVE Record Information
Description
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
References 4 Total
- securityfocus.com: 4368 vdb-entry
- http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
- iss.net: cssearch-url-execute-commands(8636) vdb-entry
- securityfocus.com: 20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable) mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- securityfocus.com: 4368 vdb-entryx_transferred
- http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 x_transferred
- iss.net: cssearch-url-execute-commands(8636) vdb-entryx_transferred
- securityfocus.com: 20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable) mailing-listx_transferred