9 lines
No EOL
498 B
Text
9 lines
No EOL
498 B
Text
source: http://www.securityfocus.com/bid/14091/info
|
|
|
|
imTRBBS is affected by a remote command execution vulnerability.
|
|
|
|
Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'im_trbbs.cgi' script that will be executed in the context of the Web server running the application.
|
|
|
|
This issue is reported to affect imTRBBS version 1.02; other versions may also be vulnerable.
|
|
|
|
http://www.example.com/cgi-bin/im_trbbs.cgi?uid=parameter&df=bbs.dat|ls| |