CVE-2002-0918

CGIScript.net csPassword.cgi - Info Disclosure

Title source: llm

Description

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.

Exploits (1)

exploitdb WRITEUP

webappscgi

https://www.exploit-db.com/exploits/21494

View Code ZIP pw:eip

References (3)

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/4887

[Patch, Vendor Advisory] http://www.iss.net/security_center/static/9221.php

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/274727

Scores

EPSS 0.1439

EPSS Percentile 94.4%

Details

Status published

Products (1)

cgiscript.net/cspassword 1.0

Published Oct 04, 2002

Tracked Since Feb 18, 2026