Multiple Remote Vulnerabilities in MyServer 'math_sum.mscgi' Script

vendor:

MyServer

by:

Unknown

7.5

CVSS

HIGH

Boundary Condition Error, Input Validation Issue

Unknown

CWE

Product Name: MyServer

Affected Version From: 2000.6.2

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Multiple Remote Vulnerabilities in MyServer ‘math_sum.mscgi’ Script

The boundary condition error allows an attacker to execute arbitrary code on the affected computer. The input validation issue can be exploited for cross-site scripting attacks.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10831/info

Reportedly MyServer is affected by multiple remote vulnerabilities in the 'math_sum.mscgi' example script. These issues are due to a boundary condition error and a failure to properly sanitize user-supplied URI input.

An attacker could exploit the boundary condition issue to execute arbitrary code on the affected computer with the privileges of the user that started the affected application. The input validation issue could be leveraged to carry out cross-site scripting attacks against the affected computer.

These issues are reported to affect MyServer version 0.6.2, it is likely other versions are also affected.

http://www.example.com/cgi-bin/math_sum.mscgi?a=[code]&b=[code]