Vulnerability Description
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cgiscript | Csnews Professional | 1.0 |
Related Weaknesses (CWE)
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.htmlBroken Link
- http://www.securityfocus.com/bid/4451Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8636Third Party AdvisoryVDB Entry
- http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.htmlBroken Link
- http://www.securityfocus.com/bid/4451Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8636Third Party AdvisoryVDB Entry
FAQ
What is CVE-2002-1753?
CVE-2002-1753 is a vulnerability with a CVSS score of 7.5 (HIGH). csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
How severe is CVE-2002-1753?
CVE-2002-1753 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1753?
Check the references section above for vendor advisories and patch information. Affected products include: Cgiscript Csnews Professional.