Detections
Analytics

Mountain Network Systems webcart.cgi Arbitrary Command Execution

high Nessus Plugin ID 11095

Synopsis

The remote CGI script is vulnerable to command execution.

Description

webcart.cgi is installed and does not properly filter user input.
An attacker may use this flaw to execute any command on your system.

Solution

Upgrade your software or firewall your web server.

See Also

https://seclists.org/bugtraq/2001/Oct/159

Plugin Details

Severity: High

ID: 11095

File Name: webcart_cmd_exec.nasl

Version: 1.31

Type: remote

Family: CGI abuses

Published: 8/21/2002

Updated: 5/12/2022

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 10/18/2001

Reference Information

CVE: CVE-2001-1502

BID: 3453