header-logo
Suggest Exploit
vendor:
GlobalNoteScript
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Arbitrary Command Execution
78
CWE
Product Name: GlobalNoteScript
Affected Version From: 4.2
Affected Version To: 4.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:globalnotesoft:globalnotescript
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

GlobalNoteScript Remote Arbitrary Command Execution Vulnerability

GlobalNoteScript is prone to a remote arbitrary command execution vulnerability. Reportedly, this issue arises when the user-specified 'file' URI parameter of the 'read.cgi' script is supplied to the Perl open() routine. This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.

Mitigation:

Users should upgrade to the latest version of GlobalNoteScript.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14148/info

GlobalNoteScript is prone to a remote arbitrary command execution vulnerability.

Reportedly, this issue arises when the user-specified 'file' URI parameter of the 'read.cgi' script is supplied to the Perl open() routine.

This issue may facilitate unauthorized remote access in the context of the Web server to the affected computer.

GlobalNoteScript 4.20 and prior versions are affected. 

http://www.example.com/cgi-bin/bbs/read.cgi?file=|uname%20-a|&bbs_id=00001

Navigation

Suggest Exploit

Services By CQR