GlobalNoteScript 4.20 – ‘Read.cgi’ Remote Command Execution

33次阅读
没有评论

GlobalNoteScript 4.20 – ‘Read.cgi’ Remote Command Execution

漏洞ID 1055222 漏洞类型
发布时间 2005-07-05 更新时间 2005-07-05
GlobalNoteScript 4.20 - 'Read.cgi' Remote Command ExecutionCVE编号 N/A
 		GlobalNoteScript 4.20 - 'Read.cgi' Remote Command ExecutionCNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25939
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14148/info

GlobalNoteScript is prone to a remote arbitrary command execution vulnerability.

Reportedly, this issue arises when the user-specified 'file' URI parameter of the 'read.cgi' script is supplied to the Perl open() routine.

This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.

GlobalNoteScript 4.20 and prior versions are affected. 

http://www.example.com/cgi-bin/bbs/read.cgi?file=|uname%20-a|&bbs_id=00001

相关推荐: Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability

Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability 漏洞ID 1101562 漏洞类型 Failure to Handle Exce…

正文完
cgi globalnotescript 漏洞
发表至: 网络安全漏洞
2021年4月9日
 0
文章搜索
热门文章
随机文章