Vulnerability Description
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cgiscript | Cssearch Professional | <= 2.3 |
Related Weaknesses (CWE)
References
- http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viProduct
- http://www.iss.net/security_center/static/8636.php (Broken Link, Patch, Vendor Advisory)
- http://www.securityfocus.com/archive/1/264169 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/4368 (Broken Link, Exploit, Patch)
FAQ
What is CVE-2002-0495?
CVE-2002-0495 is a vulnerability with a CVSS score of 10.0 (HIGH). csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file tha...
How severe is CVE-2002-0495?
CVE-2002-0495 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0495?
Check the references section above for vendor advisories and patch information. Affected products include: Cgiscript Cssearch Professional.