https://www.exploit-db.com/exploits/25939

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/14148/info

GlobalNoteScript is prone to a remote arbitrary command execution vulnerability.

Reportedly, this issue arises when the user-specified 'file' URI parameter of the 'read.cgi' script is supplied to the Perl open() routine.

This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.

GlobalNoteScript 4.20 and prior versions are affected. 

http://www.example.com/cgi-bin/bbs/read.cgi?file=|uname%20-a|&bbs_id=00001