Release DateJan 05, 2012 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems |
DescriptionThis indicates a possible exploit of a Remote Code Execution Vulnerability in csNewsPro.cgi of CGIScript.net csNews Professional.An attacker may send a specially crafted HTTP request containing link to malicious perl code on setup parameter, which will be run on the affected server within the privilege of web server process. csNews Professional is an easy content management system. |
Affected ProductsCGISCRIPT.NET csNews Professional 1.0 |
Recommended ActionsApply appropriate patch from the vendor. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2002-1753 |
Reference/shttp://www.securityfocus.com/bid/4451 (BugTraq) |
