Phase:CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.
ReferencesBUGTRAQ:Tuesday, June 11, 2002 CGIscript.net - csNews.cgi - Multiple Vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html | BID:4451 | URL:http://www.securityfocus.com/bid/4451
Votes:Proposed (Friday, August 30, 2002)
Comments: ACCEPT(1) Cole | MODIFY(1) Frech | NOOP(2) Wall, Foat | REVIEWING(1) Christey
F7: Frech> XF:cgiscript-url-execute-commands(8636) | Christey> need to see if this is the same as CVE-2002-0495