Ranson Johnson mailto.cgi Piped Address Vulnerability

The value of the 'emailadd' variable in Ranson Johnson's Combination Mail-to and Credit Card Orderform is used in conjunction with a piped open. This value is supplied by users filling out the form. This opens up the possibility of remote command execution with the privilege level of the web server by entering specially crafted values into the 'emailadd' field on the form.


 

Privacy Statement
Copyright 2010, SecurityFocus