Description
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by Steve Gustin · textwebappscgi
https://www.exploit-db.com/exploits/21494
exploitdb
WRITEUP
VERIFIED
by Steve Gustin · textwebappscgi
https://www.exploit-db.com/exploits/21495
References (3)
Core 3
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9222.php
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4888
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/274727
Scores
EPSS
0.1244
EPSS Percentile
93.9%
Details
Status
published
Products (1)
cgiscript.net/cspassword
1.0
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026