Summary
The SuSE CGI 'sdbsearch.cgi' is installed.
This CGI allows a local (and possibly remote) user to execute arbitrary commands with the privileges of the HTTP server.
Solution
Modify the script so that it filters the HTTP_REFERER variable, or delete the script.
Severity
Classification
- CVE: CVE-2001-1130
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- AlefMentor Multiple SQL Injection Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities