Описание
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
Ссылки
- Product
- Broken LinkPatchVendor Advisory
- Broken LinkThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Product
- Broken LinkPatchVendor Advisory
- Broken LinkThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3 (включая)
cpe:2.3:a:cgiscript:cssearch_professional:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.15154
Средний
10 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
EPSS
Процентиль: 94%
0.15154
Средний
10 Critical
CVSS2
Дефекты
CWE-94