Description
CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Steve Gustin · textwebappscgi
https://www.exploit-db.com/exploits/21533
References (3)
Core 3
Core References
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9333.php
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4994
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Scores
EPSS
0.0306
EPSS Percentile
86.8%
Details
Status
published
Products (2)
cgiscript.net/csnews
1.0
cgiscript.net/csnews
1.0_professional
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026