Dispair 0.1/0.2 - Remote Command Execution
| EKU-ID: 27181 | CVE: CVE-2002-1868;OSVDB-59656 | OSVDB-ID: |
| Author: anonymous | Published: 2002-07-30 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27181 | CVE: CVE-2002-1868;OSVDB-59656 | OSVDB-ID: |
| Author: anonymous | Published: 2002-07-30 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5392/info Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open() function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the underlying shell with the privileges of the webserver process. http://target/cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id