csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
References
Link | Resource |
---|---|
http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 | Product |
http://www.iss.net/security_center/static/8636.php | Broken Link Patch Vendor Advisory |
http://www.securityfocus.com/archive/1/264169 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
http://www.securityfocus.com/bid/4368 | Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2003-04-02T05:00:00
Updated: 2002-06-15T09:00:00
Reserved: 2002-06-07T00:00:00
Link: CVE-2002-0495
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-08-12T04:00:00.000
Modified: 2024-02-13T16:20:12.450
Link: CVE-2002-0495
JSON object: View
Redhat Information
No data.
CWE