CVE-2002-1753
CGIScript.net csNews Professional - Remote Code Execution via setup Parameter
Title source: llmDescription
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
References (3)
Core 3
Core References
Broken Link mailing-list
x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00106.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4451
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8636
Scores
EPSS
0.2592
EPSS Percentile
97.7%
Details
CWE
CWE-94
Status
published
Products (1)
cgiscript/csnews_professional
1.0
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026