Vulnerability Name: | CVE-2002-0924 (CCN-8636) | ||||||||
Assigned: | 2002-03-25 | ||||||||
Published: | 2002-03-25 | ||||||||
Updated: | 2008-09-10 | ||||||||
Summary: | CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability. | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Mon Mar 25 2002 - 16:47:23 CST CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable) Source: CCN Type: BugTraq Mailing List, Mon Apr 08 2002 - 12:39:53 CDT multiple CGIscript.net scripts - Remote Code Execution Source: BUGTRAQ Type: UNKNOWN 20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities Source: MITRE Type: CNA CVE-2002-0495 Source: MITRE Type: CNA CVE-2002-0924 Source: MITRE Type: CNA CVE-2002-1750 Source: MITRE Type: CNA CVE-2002-1751 Source: MITRE Type: CNA CVE-2002-1752 Source: MITRE Type: CNA CVE-2002-1753 Source: CCN Type: CGIScript.net Web site CGI Script.net - Webmaster Resource Site - Free and Professional CGI Scripts and JavaScripts Source: CCN Type: OSVDB ID: 59542 CGIScript.net csGuestbook csGuestbook.cgi setup Parameter Arbitrary Perl Code Execution Source: CCN Type: OSVDB ID: 59543 CGIScript.net csLiveSupport csLiveSupport.cgi setup Parameter Arbitrary Perl Code Execution Source: CCN Type: OSVDB ID: 59544 CGIScript.net csChat-R-Box csChatRBox.cgi setup Parameter Arbitrary Perl Code Execution Source: CCN Type: OSVDB ID: 59545 CGIScript.net csNews Professional (csNewsPro) csNewsPro.cgi setup Parameter Arbitrary Perl Code Execution Source: CCN Type: OSVDB ID: 761 csSearch csSearch.cgi setup Parameter Arbitrary Command Execution Source: CCN Type: OSVDB ID: 8132 CGIScript.net csNews.cgi Advanced Settings Command Execution Source: CCN Type: BID-4368 CSSearch Remote Command Execution Vulnerability Source: CCN Type: BID-4448 CSGuestbook Remote Command Execution Vulnerability Source: CCN Type: BID-4450 CSLiveSupport Remote Command Execution Vulnerability Source: BID Type: UNKNOWN 4451 Source: CCN Type: BID-4451 CSNews Remote Command Execution Vulnerability Source: CCN Type: BID-4452 CSChat-R-Box Remote Command Execution Vulnerability Source: XF Type: UNKNOWN cgiscript-url-execute-commands(8636) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |