Vulnerability Details : CVE-2002-0495
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
Products affected by CVE-2002-0495
- cpe:2.3:a:cgiscript:cssearch_professional:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-0495
1.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-0495
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2002-0495
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-0495
-
http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
CGIScript.net :: Automate your website for less!Product
-
http://www.iss.net/security_center/static/8636.php
Broken Link;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/4368
Broken Link;Exploit;Patch;Third Party Advisory;VDB Entry;Vendor Advisory
-
http://www.securityfocus.com/archive/1/264169
Broken Link;Third Party Advisory;VDB Entry;Vendor Advisory
Jump to