Steve Grimm » Un-cgi : Security Vulnerabilities, CVEs,
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
Max CVSS
7.5
EPSS Score
2.57%
Published
2001-07-17
Updated
2008-09-10
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
Max CVSS
7.5
EPSS Score
6.90%
Published
2001-07-17
Updated
2008-09-10
2 vulnerabilities found