11 lines
No EOL
520 B
Text
11 lines
No EOL
520 B
Text
source: https://www.securityfocus.com/bid/14148/info
|
|
|
|
GlobalNoteScript is prone to a remote arbitrary command execution vulnerability.
|
|
|
|
Reportedly, this issue arises when the user-specified 'file' URI parameter of the 'read.cgi' script is supplied to the Perl open() routine.
|
|
|
|
This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.
|
|
|
|
GlobalNoteScript 4.20 and prior versions are affected.
|
|
|
|
http://www.example.com/cgi-bin/bbs/read.cgi?file=|uname%20-a|&bbs_id=00001 |