Vulnerability Name:

CVE-2002-0924 (CCN-8636)

Assigned: 2002-03-25
Published: 2002-03-25
Updated: 2008-09-10
Summary: CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Mon Mar 25 2002 - 16:47:23 CST
CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)

Source: CCN
Type: BugTraq Mailing List, Mon Apr 08 2002 - 12:39:53 CDT
multiple CGIscript.net scripts - Remote Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities

Source: MITRE
Type: CNA
CVE-2002-0495

Source: MITRE
Type: CNA
CVE-2002-0924

Source: MITRE
Type: CNA
CVE-2002-1750

Source: MITRE
Type: CNA
CVE-2002-1751

Source: MITRE
Type: CNA
CVE-2002-1752

Source: MITRE
Type: CNA
CVE-2002-1753

Source: CCN
Type: CGIScript.net Web site
CGI Script.net - Webmaster Resource Site - Free and Professional CGI Scripts and JavaScripts

Source: CCN
Type: OSVDB ID: 59542
CGIScript.net csGuestbook csGuestbook.cgi setup Parameter Arbitrary Perl Code Execution

Source: CCN
Type: OSVDB ID: 59543
CGIScript.net csLiveSupport csLiveSupport.cgi setup Parameter Arbitrary Perl Code Execution

Source: CCN
Type: OSVDB ID: 59544
CGIScript.net csChat-R-Box csChatRBox.cgi setup Parameter Arbitrary Perl Code Execution

Source: CCN
Type: OSVDB ID: 59545
CGIScript.net csNews Professional (csNewsPro) csNewsPro.cgi setup Parameter Arbitrary Perl Code Execution

Source: CCN
Type: OSVDB ID: 761
csSearch csSearch.cgi setup Parameter Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 8132
CGIScript.net csNews.cgi Advanced Settings Command Execution

Source: CCN
Type: BID-4368
CSSearch Remote Command Execution Vulnerability

Source: CCN
Type: BID-4448
CSGuestbook Remote Command Execution Vulnerability

Source: CCN
Type: BID-4450
CSLiveSupport Remote Command Execution Vulnerability

Source: BID
Type: UNKNOWN
4451

Source: CCN
Type: BID-4451
CSNews Remote Command Execution Vulnerability

Source: CCN
Type: BID-4452
CSChat-R-Box Remote Command Execution Vulnerability

Source: XF
Type: UNKNOWN
cgiscript-url-execute-commands(8636)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:cgiscript.net:csnews:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:cgiscript.net:csnews:1.0_professional:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cgiscript.net csnews 1.0
    cgiscript.net csnews 1.0_professional