guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote malicious users to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 1.3.9 |
||
matt wright matt wright guestbook 2.3 |