CGI Script Center Auction Weaver Remote Command Execution Vulnerability
BID:1645
Info
| Bugtraq ID: | 1645 |
| Class: | Input Validation Error |
| CVE: | CVE-2000-0690 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 30 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | Posted to Bugtraq on August 30, 2000 by teleh0r <[email protected]>. |
| Vulnerable: | CGI Script Center Auction Weaver 1.0.2 |
| Not Vulnerable: | |
Discussion
CGI Script Center's Auction Weaver does not validate the value of the 'fromfile' variable. By altering 'fromfile', it is therefore possible to execute arbitrary commands on a remote system under the UID of the http daemon.
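The kind of input check whose absence the discussion describes, as an added example that is not Auction Weaver's own code. It assumes a Perl CGI script in which 'fromfile' names a data file under a single directory; `$DATA_DIR`, `safe_fromfile` and `open_fromfile` are hypothetical names, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added example: allowlist validation for a CGI parameter named 'fromfile'.
# Assumptions (not from the advisory): the parameter names a data file under
# one directory; $DATA_DIR, safe_fromfile() and open_fromfile() are hypothetical.
use strict;
use warnings;
use File::Spec;

my $DATA_DIR = '/var/www/auction/data';    # constructed path

# Return the full path for an acceptable name, or nothing for anything else.
sub safe_fromfile {
    my ($name) = @_;
    return unless defined $name;
    # Allowlist: letters, digits, '_' and '-', plus one optional short extension.
    # \A and \z anchor the whole string, so a trailing newline is rejected too.
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64}(?:\.[A-Za-z0-9]{1,8})?)\z/;
    # $1 is the validated capture (and is untainted when running under -T).
    return File::Spec->catfile($DATA_DIR, $1);
}

# Open read-only with three-argument open: the mode is fixed by the code,
# so the validated path is only ever treated as a file name.
sub open_fromfile {
    my ($name) = @_;
    my $path = safe_fromfile($name) or return;
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample inputs: one well-formed name, then names that must fail.
for my $candidate ('item_42.dat', '../item_42.dat', 'item.dat;x', "item.dat\n", '') {
    (my $shown = $candidate) =~ s/\n/\\n/g;    # make the newline visible
    my $path = safe_fromfile($candidate);
    printf "%-20s %s\n", "'$shown'",
        defined $path ? "accept -> $path" : 'reject';
}
```

Only the first sample name is accepted; every other value is rejected before it can reach a file operation.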
Solution / Fix
Solution:
The latest version of Auction Weaver is not susceptible to this vulnerability. It can be downloaded from the following location:
http://www.cgiscriptcenter.com/awl/
References
References:
- Auction Weaver Product Homepage (CGI Script Center)