Cgicentral » Webstore 400 : Security Vulnerabilities, CVEs,
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
Max CVSS
7.5
EPSS Score
2.51%
Published
2001-06-12
Updated
2017-12-19
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
Max CVSS
7.5
EPSS Score
2.97%
Published
2001-06-12
Updated
2017-12-19
2 vulnerabilities found