Dream Catchers Post-It! CGI Remote Arbitrary Command Execution Vulnerability

Post-It! is a CGI script which allows remote users to post comments and additions to an HTML file.

The script fails to properly validate user-supplied CGI parameters, which are used to send email via a shell command. Maliciously formed URLs submitted to the script may contain shell commands, which will be run with the privilege level of the web server (i.e. 'nobody').
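The flaw class described above, shown as an added example that is not Post-It!'s own code (the advisory does not show the script's source): a request value concatenated into a mail command string, beside a hardened form that validates the value and runs the mailer without a shell. The mailer path, function names and sample values are assumptions made for illustration.

```python
import re
import shlex
import subprocess

SENDMAIL = "/usr/sbin/sendmail"  # assumed mailer path; the advisory does not name one

# Allow-list: starts alphanumeric, no whitespace, quotes or shell metacharacters.
ADDRESS_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def unsafe_mail_command(recipient):
    """Weak pattern: request data is concatenated into a string handed to /bin/sh."""
    return f"{SENDMAIL} {recipient}"


def shell_view(command):
    """Tokenise roughly as a POSIX shell would, keeping control operators separate."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def safe_mail_argv(recipient):
    """Hardened pattern: validate against the allow-list, then build an argv list."""
    if not ADDRESS_RE.fullmatch(recipient):
        raise ValueError("recipient rejected by allow-list")
    return [SENDMAIL, recipient]


def deliver(recipient, message):
    """Run the mailer directly (no shell), so the address is only ever one argument."""
    subprocess.run(safe_mail_argv(recipient), input=message.encode(), check=True)


# Constructed sample values, not taken from the advisory.
GOOD = "reader@example.com"
HOSTILE = "reader@example.com; id"

if __name__ == "__main__":
    print(shell_view(unsafe_mail_command(GOOD)))     # two words: mailer, address
    print(shell_view(unsafe_mail_command(HOSTILE)))  # ';' appears as its own operator
    print(safe_mail_argv(GOOD))
```

The allow-list is deliberately stricter than the full e-mail address grammar; either control alone (validation, or no shell) narrows the problem, and using both removes the dependence on getting the pattern exactly right.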


 

Copyright 2010, SecurityFocus