Cgiscript.net Csmailto.cgi Program Allows Remot vulnerability report
vulnerabilities.aspcode.net
Phase:
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.
References
BUGTRAQ:Tuesday, April 23, 2002 CGIscript.net - csMailto.cgi - Remote Command Execution | URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html | MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=5
Votes:
Proposed (Friday, July 26, 2002)
Comments:
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
F7:
Tagged as
form-attachment
CGIscriptnet
csMailtocgi
specifying
arbitrary
attackers
filename
program
target
allows
remote
field
files
read