10 lines
No EOL
578 B
Text
10 lines
No EOL
578 B
Text
source: http://www.securityfocus.com/bid/14182/info
|
|
|
|
pngren is prone to a remote arbitrary command execution vulnerability.
|
|
|
|
Reportedly, this issue arises when the user-specified values are passed to the 'kaiseki.cgi' script. Due to this, an attacker can supply arbitrary commands and have them executed in the context of the server.
|
|
|
|
This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.
|
|
|
|
http://www.example.com/cgi-bin/kaiseki.cgi?file.exetension|command|
|
|
http://www.example.com/cgi-bin/kaiseki.cgi?|command| |