Description
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
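An added illustration, not guestbook.pl's own code or a vendor fix: the pair-matching filter from the description next to entity-encoding of the whole entry, run over two constructed guestbook entries. The function names, the regex and the sample inputs are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Denylist approach from the description: delete text between "<!--" and "-->".
# (Hypothetical reimplementation; the script's actual regex is not on this page.)
sub strip_comment_pairs {
    my ($text) = @_;
    $text =~ s/<!--.*?-->//gs;
    return $text;
}

# Output-encoding approach: neutralise every markup metacharacter, so no
# "<!--#" opener reaches the stored page, whatever terminator follows it.
my %ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

sub encode_entry {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# Constructed sample entries (not taken from the advisory).
my @entries = (
    'Nice site! <!--#echo var="DATE_LOCAL" --> See you.',  # well-formed pair
    'Nice site! <!--#echo var="DATE_LOCAL" See you.',      # opener without "-->"
);

for my $entry (@entries) {
    my $stripped = strip_comment_pairs($entry);
    my $encoded  = encode_entry($entry);

    printf "input   : %s\n", $entry;
    printf "stripped: %s  [%s]\n", $stripped,
        index($stripped, '<!--#') >= 0 ? 'SSI opener survives' : 'clean';
    printf "encoded : %s  [%s]\n\n", $encoded,
        index($encoded, '<!--#') >= 0 ? 'SSI opener survives' : 'clean';
}
```

The second entry passes through the pair-matching filter unchanged because the regex only fires when it finds a literal `-->`, while the encoded form contains no `<` at all for the server's SSI parser to act on.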