Synopsis :

The remote CGI script is vulnerable to a buffer overflow.

Description :

The mini-sql program comes with the w3-msql CGI which is vulnerable
to a buffer overflow.

An attacker may use it to gain a shell on this system.

See also :

http://archives.neohapsis.com/archives/bugtraq/1999-q4/0475.html

Solution :

Contact the vendor for a patch or remove the CGI.
A patch was also provided with the original disclosure notice.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : true