source: www.securityfocus.com/bid/1104/info
BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open() call and can therefore be made to execute commands at the privilege level of the webserver.
The variable is dbname, and if passed a semicolo ...
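
The class of bug described above, shown as an added example beside a hardened form. This is not BizDB's source code: the directory, the `.db` suffix, the commented-out vulnerable line and the helper names `validate_dbname` and `open_db` are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical directory holding the database files (assumption, not BizDB's layout).
my $DB_DIR = '/var/lib/bizdb-example';

# Vulnerable pattern (illustrative only): a request parameter is interpolated
# into a pipe/two-argument open(), so the string is handed to /bin/sh and
# shell metacharacters in the value are interpreted.
#
#   open(DB, "cat $DB_DIR/$dbname |");

# Hardened form, step 1: allow-list the name. Letters, digits, underscore and
# hyphen only, 1 to 64 characters. \z (not $) so a trailing newline is rejected.
# Returning the capture also untaints the value when the script runs under -T.
sub validate_dbname {
    my ($name) = @_;
    return unless defined $name;
    return $1 if $name =~ /\A([A-Za-z0-9_-]{1,64})\z/;
    return;
}

# Hardened form, step 2: three-argument open() with an explicit read mode.
# The path is treated purely as a filename and no shell is ever invoked.
sub open_db {
    my ($raw) = @_;
    my $name = validate_dbname($raw);
    die "rejected dbname\n" unless defined $name;
    my $path = "$DB_DIR/$name.db";
    open(my $fh, '<', $path) or die "cannot open database: $!\n";
    return $fh;
}

# Constructed sample inputs: two ordinary names and four that must be refused.
for my $input ('customers', 'orders_2000', 'customers;id', '../etc/passwd', "x\n", '|ls') {
    (my $shown = $input) =~ s/\n/\\n/g;
    my $verdict = defined(validate_dbname($input)) ? 'accepted' : 'rejected';
    printf "%-16s %s\n", $shown, $verdict;
}
```

Running the script prints `accepted` for the first two names and `rejected` for the rest; `open_db` is defined but not called because the example directory does not exist.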