Bavo Message Editing Insecure CGI Vulnerability

Bavo Message Editing Insecure CGI Vulnerability

Bavo is a freely available, open source news reader written. It is designed for use on Linux, Unix, and Microsoft operating systems.

A problem with the software package could make it possible for a remote user to edit messages. The problem is in the filtering of input.

It is possible for a remote user to edit messages in the Bavo archive. By examining the Bavo source and learning the CGI syntax used by Bavo, a remote user may alter the contents of archived messages.

This problem makes it possible for an unauthorized remote user to alter the contents of posted messages.