CVE-2002-1753

CGIScript.net csNews Professional - Remote Code Execution via setup Parameter

Title source: llm
STIX 2.1

Description

csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.

References (3)

Core 3
Core References
Broken Link mailing-list x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4451
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8636

Scores

EPSS 0.2592
EPSS Percentile 97.7%

Details

CWE
CWE-94
Status published
Products (1)
cgiscript/csnews_professional 1.0
Published Dec 31, 2002
Tracked Since Feb 18, 2026