CVE-2002-0924

Description

CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.

Affected products

• cgiscript.net / csnews1.0 – 1.0
• cgiscript.net / csnews1.0_professional – 1.0_professional

References

• MISChttp://www.securityfocus.com/bid/4451
• MISChttp://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html