Description
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Remediation
References
Related Vulnerabilities
IBM WebSEAL Improper Input Validation Vulnerability (CVE-2021-20496)
Oracle Application Server CVE-2007-5524 Vulnerability (CVE-2007-5524)
PrestaShop Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-4792)
WordPress Plugin Advanced Custom Fields (ACF) Multiple Security Bypass Vulnerabilities (5.10.2)