CVE-2002-0495

Published Aug 12, 2002

Last updated 9 months ago

Overview

Description: csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cgiscript:cssearch_professional:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C278C82B-A954-4468-AA06-D139D03DBE5D",
            "versionEndIncluding": "2.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References