CVE-2002-1993

Description

webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter.

Affected products

• affordable_web_space_design / affordable_web_space_design_webbbs4.0 – 4.0
• affordable_web_space_design / affordable_web_space_design_webbbs4.1 – 4.1
• affordable_web_space_design / affordable_web_space_design_webbbs4.2 – 4.2
• affordable_web_space_design / affordable_web_space_design_webbbs4.10 – 4.10
• affordable_web_space_design / affordable_web_space_design_webbbs4.11 – 4.11
• affordable_web_space_design / affordable_web_space_design_webbbs4.12 – 4.12
• affordable_web_space_design / affordable_web_space_design_webbbs4.20 – 4.20
• affordable_web_space_design / affordable_web_space_design_webbbs4.21 – 4.21
• affordable_web_space_design / affordable_web_space_design_webbbs4.22 – 4.22
• affordable_web_space_design / affordable_web_space_design_webbbs4.30 – 4.30
• affordable_web_space_design / affordable_web_space_design_webbbs4.31 – 4.31
• affordable_web_space_design / affordable_web_space_design_webbbs4.32 – 4.32
• affordable_web_space_design / affordable_web_space_design_webbbs4.33 – 4.33
• affordable_web_space_design / affordable_web_space_design_webbbs5.0 – 5.0

References

• MISChttp://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00232.html
• MISChttp://www.iss.net/security_center/static/9378.php
• MISChttp://www.securityfocus.com/bid/5048