Summary
The remote web server contains the 'inserter' CGI.
The inserter.cgi contains a vulnerability that allows remote attackers to cause the CGI to execute arbitrary commands with the privileges of the web server by supplying it with a piped instruction or to include arbitrary files by providing an absolute path to the location of the file.
Solution
Delete this file
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Allegro RomPager `Misfortune Cookie` Vulnerability
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- Apache Tomcat AJP Protocol Security Bypass Vulnerability
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- A-A-S Application Access Server Multiple Vulnerabilities