Vulnerability Description
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Goscript Project | Goscript | 2.0 |
References
- http://marc.info/?l=bugtraq&m=109164242705572&w=2ExploitThird Party Advisory
- http://openwall.com/lists/oss-security/2013/12/12/8Mailing ListThird Party Advisory
- https://github.com/mikaku/Monitorix/issues/30ExploitIssue TrackingThird Party Advisory
- http://marc.info/?l=bugtraq&m=109164242705572&w=2ExploitThird Party Advisory
- http://openwall.com/lists/oss-security/2013/12/12/8Mailing ListThird Party Advisory
- https://github.com/mikaku/Monitorix/issues/30ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2004-2776?
CVE-2004-2776 is a vulnerability with a CVSS score of 9.8 (CRITICAL). go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
How severe is CVE-2004-2776?
CVE-2004-2776 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2004-2776?
Check the references section above for vendor advisories and patch information. Affected products include: Goscript Project Goscript.