GlobalNoteScript 4.20 – ‘Read.cgi’ Remote Command Execution

GlobalNoteScript 4.20 – ‘Read.cgi’ Remote Command Execution

漏洞ID 1055222 漏洞类型
发布时间 2005-07-05 更新时间 2005-07-05
图片[1]-GlobalNoteScript 4.20 – ‘Read.cgi’ Remote Command Execution-安全小百科CVE编号 N/A
图片[2]-GlobalNoteScript 4.20 – ‘Read.cgi’ Remote Command Execution-安全小百科CNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25939
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14148/info

GlobalNoteScript is prone to a remote arbitrary command execution vulnerability.

Reportedly, this issue arises when the user-specified 'file' URI parameter of the 'read.cgi' script is supplied to the Perl open() routine.

This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.

GlobalNoteScript 4.20 and prior versions are affected. 

http://www.example.com/cgi-bin/bbs/read.cgi?file=|uname%20-a|&bbs_id=00001

相关推荐: Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability

Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability 漏洞ID 1101562 漏洞类型 Failure to Handle Exce…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享