Leif M. Wright everythingform.cgi Arbitrary Command Execution Vulnerability

An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool.

The script fails to properly filter shell commands from user-supplied input to the 'config' field.

As a result, the script can be made to run arbitrary shell commands with the privilege of the web server.


 

Privacy Statement
Copyright 2010, SecurityFocus