Multiple Remote Vulnerabilities in MyServer math_sum.mscgi Script

vendor:

MyServer

by:

7.5

CVSS

HIGH

Boundary Condition Error, Input Validation Issue

CWE

Product Name: MyServer

Affected Version From: 2000.6.2

Affected Version To: 2000.6.2

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Multiple Remote Vulnerabilities in MyServer math_sum.mscgi Script

The boundary condition error allows an attacker to execute arbitrary code with the user's privileges, while the input validation issue can be leveraged for cross-site scripting attacks.

Mitigation:

Update to a patched version of MyServer, if available. Additionally, input validation should be implemented to sanitize user-supplied URI input.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10831/info
 
Reportedly MyServer is affected by multiple remote vulnerabilities in the 'math_sum.mscgi' example script. These issues are due to a boundary condition error and a failure to properly sanitize user-supplied URI input.
 
An attacker could exploit the boundary condition issue to execute arbitrary code on the affected computer with the privileges of the user that started the affected application. The input validation issue could be leveraged to carry out cross-site scripting attacks against the affected computer.
 
These issues are reported to affect MyServer version 0.6.2, it is likely other versions are also affected.

http://www.example.com/cgi-bin/math_sum.mscgi?a=[AAA...x86...AAA]