Un-CGI 1.9 and previous versions does not verify that a CGI script has the execution bits set before executing it, which allows remote malicious users to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
steve grimm un-cgi 1.6.2 |
||
steve grimm un-cgi 1.7 |
||
steve grimm un-cgi 1.8 |
||
steve grimm un-cgi 1.9 |
||
steve grimm un-cgi 1.5 |
||
steve grimm un-cgi 1.6.1 |
||
steve grimm un-cgi 1.0 |
||
steve grimm un-cgi 1.1 |
||
steve grimm un-cgi 1.2 |
||
steve grimm un-cgi 1.3 |
||
steve grimm un-cgi 1.4 |
||
steve grimm un-cgi 1.6 |